http://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
Forums:
Created for forums that will help with tool usage, syntax, attack techniques, and collections of scripts and tools. Needs some help. I don't really frequent too many underground forums, but I actually find nice one-off scripts and info I can roll into my own code in these places. Would like to add more.
- http://sla.ckers.org/forum/index.php
- http://www.ethicalhacker.net/
- http://www.backtrack-linux.org/forums/
- http://www.elitehackers.info/forums/
- http://www.hackthissite.org/forums/index.php
- http://securityoverride.com/forum/index.php
- http://www.iexploit.org/
- http://bright-shadows.net/
- http://www.governmentsecurity.org/forum/
- http://forum.intern0t.net/
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs; these are the ones I monitor constantly and value in the actual day-to-day testing work.
- http://carnal0wnage.blogspot.com/
- http://www.mcgrewsecurity.com/
- http://www.gnucitizen.org/blog/
- http://www.darknet.org.uk/
- http://spylogic.net/
- http://taosecurity.blogspot.com/
- http://www.room362.com/
- http://blog.sipvicious.org/
- http://blog.portswigger.net/
- http://pentestmonkey.net/blog/
- http://jeremiahgrossman.blogspot.com/
- http://i8jesus.com/
- http://blog.c22.cc/
- http://www.skullsecurity.org/blog/
- http://blog.metasploit.com/
- http://www.darkoperator.com/
- http://blog.skeptikal.org/
- http://preachsecurity.blogspot.com/
- http://www.tssci-security.com/
- http://www.gdssecurity.com/l/b/
- http://websec.wordpress.com/
- http://bernardodamele.blogspot.com/
- http://laramies.blogspot.com/
- http://www.spylogic.net/
- http://blog.andlabs.org/
- http://xs-sniper.com/blog/
- http://www.commonexploits.com/
- http://www.sensepost.com/blog/
- http://wepma.blogspot.com/
- http://exploit.co.il/
- http://securityreliks.wordpress.com/
- http://www.madirish.net/index.html
- http://sirdarckcat.blogspot.com/
- http://reusablesec.blogspot.com/
- http://myne-us.blogspot.com/
- http://www.notsosecure.com/
- http://blog.spiderlabs.com/
- http://www.corelan.be/
- http://www.digininja.org/
- http://www.pauldotcom.com/
- http://www.attackvector.org/
- http://deviating.net/
- http://www.alphaonelabs.com/
- http://www.smashingpasswords.com/
- http://wirewatcher.wordpress.com/
- http://gynvael.coldwind.pl/
- http://www.nullthreat.net/
- http://www.question-defense.com/
- http://archangelamael.blogspot.com/
- http://memset.wordpress.com/
- http://sickness.tor.hu/
- http://punter-infosec.com/
- http://www.securityninja.co.uk/
- http://securityandrisk.blogspot.com/
OSINT Sites:
OSINT has become a huge part of the pentest methodology, from fueling social engineering to passively profiling your target infrastructure. There are subfolders for presentations on how-to, sites for profiling people and organizations, and sites for profiling technical assets. This section is doing okay atm.
OSINT Presos
- http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
- http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%e2%80%93-part-2-blogs-message-boards-and-metadata/
- http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
- http://www.slideshare.net/Laramies/tactical-information-gathering
- http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
- http://infond.blogspot.com/2010/05/toturial-footprinting.html
People and Organizational
- http://www.spokeo.com/
- http://www.123people.com/
- http://www.spoke.com/
- http://www.xing.com/
- http://zoominfo.com/
- http://pipl.com/
- http://www.zabasearch.com/
- http://www.searchbug.com/default.aspx
- http://theultimates.com/
- http://skipease.com/
- http://addictomatic.com/
- http://socialmention.com/
- http://entitycube.research.microsoft.com/
- http://www.yasni.com/
- http://tweepz.com/
- http://tweepsearch.com/
- http://www.glassdoor.com/index.htm
- http://www.jigsaw.com/
- http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
- http://www.tineye.com/
- http://www.peekyou.com/
- http://picfog.com/
- http://twapperkeeper.com/index.php
Infrastructure
- http://uptime.netcraft.com/
- http://www.serversniff.net/
- http://www.domaintools.com/
- http://centralops.net/co/
- http://hackerfantastic.com/
- http://whois.webhosting.info/
- https://www.ssllabs.com/ssldb/analyze.html
- http://www.clez.net/
- http://www.my-ip-neighbors.com/
- http://www.shodanhq.com/
- http://www.exploit-db.com/google-dorks/
Exploits and Advisories
Places to go for exploit descriptions, white-papers, and code. Needs work.
- http://www.exploit-db.com/
- http://www.cvedetails.com/
- http://www.milw0rm.com/ (Down permanently)
- http://www.packetstormsecurity.org/
- http://www.securityforest.com/wiki/index.php/Main_Page
- http://www.securityfocus.com/bid
- http://nvd.nist.gov/
- http://osvdb.org/
- http://www.nullbyte.org.il/Index.html
- http://secdocs.lonerunners.net/
- http://www.phenoelit-us.org/whatSAP/index.html
- http://secunia.com/
- http://cve.mitre.org/
Exploitation Intro
If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.
- http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
- http://mariano-graziano.llab.it/docs/report.pdf
- http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
- http://www.ethicalhacker.net/content/view/122/2/
- http://code.google.com/p/it-sec-catalog/wiki/Exploitation
- http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
Agile Hacking
Mostly collections of guides on non-tool command line hacking syntax. Heavily inspired by Ed Skoudis and PDP of GNUCitizen. Needs work.
- http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
- http://blog.commandlinekungfu.com/
- http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
- http://isc.sans.edu/diary.html?storyid=2376
- http://isc.sans.edu/diary.html?storyid=1229
- http://ss64.com/nt/
- http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
- http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
- http://www.zonbi.org/?p=253
- http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
- http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
- http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
Cheatsheets and fu!
Random cheatsheets for heavily used tools and reference. Needs a lot of work. Organization is weird atm; web cheatsheets are in "web vectors" and here. Could be sub-categorized?
- http://blog.commandlinekungfu.com/
- http://www.pentesterscripting.com/
- http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
- http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
- http://ha.ckers.org/xss.html
- http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
- http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
- http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
- http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
- http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
- http://en.wikipedia.org/wiki/IPv4_subnetting_reference
- http://pastie.org/840199
- http://cirt.net/passwords
- http://cirt.net/ports_dl.php?export=services
- http://www.cheat-sheets.org/
- http://blog.c22.cc/2010/09/06/a-littel-bit-of-fuzz/
- http://packetstormsecurity.org/Crackers/wordlists/
- http://www.robvanderwoude.com/ntadmincommands.php
- http://html5sec.org/
- http://ha.ckers.org/sqlinjection/
- http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
- http://michaeldaw.org/sql-injection-cheat-sheet
Nix <3
Collection of nix command line knowledge and distributions for pentesting. Needs work.
- http://www.linuxsurvival.com/
- http://www.linuxfromscratch.org/
- http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
- http://shelldorado.com/shelltips/beginner.html
Distros
- https://pentoo.ch/
- http://www.nubuntu.org/
- http://www.matriux.com/
- http://www.backtrack-linux.org/
- http://samurai.inguardians.com/
- http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
- http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
- http://www.piotrbania.com/all/kon-boot/
- http://www.matriux.com/index.php?page=home
Training/Classes
Open source classes relating to hacking and penetration testing. I would really like to find more of these (that are worthwhile). New section added, Programming -> Python
- http://pentest.cryptocity.net/
- http://samsclass.info/124/124_Sum09.shtml
- http://www.cs.ucsb.edu/~vigna/courses/cs279/
- http://www.offensive-security.com/metasploit-unleashed/
- http://www.irongeek.com/i.php?page=videos/metasploit-class
- http://www.irongeek.com/i.php?page=videos/password-exploitation-class
- http://code.google.com/p/websecurify/wiki/DemoSites
- http://www.binary-auditing.com/
Programming
- http://code.google.com/edu/languages/google-python-class/index.html
- http://www.thenewboston.com/?cat=40&pOpen=tutorial
Methodologies
Some practical and some high-level methodologies for hacking-related activities. OSSTMM need not apply. Needs a lot of work.
- http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
- http://www.webappsec.org/projects/threat/
- http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- http://www.social-engineer.org/
Lectures
New section added.
- http://www.cs.sjtu.edu.cn/~kzhu/cs490/
- https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
- http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
Labs
If you want to practice your fu, these links to test sites, blogs about practice, and lab setup how-tos will help. Needs work; would like to convert to direct links as well. New section added, Vulnerable Software.
- http://blog.securitymonks.com/2009/08/23/learning-by-doing-hacker-challenges-and-practice-sites/
- http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
- http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime/
- http://www.linux.com/archive/feed/60267
- http://www.crackmes.de/
- http://www.damnvulnerablelinux.org/#
- http://www.offensive-security.com/metasploit-unleashed/getting-the-required-files
- http://www.vmware.com/products/converter/
- http://sumolinux.suntzudata.com/
VMs
- http://sourceforge.net/projects/websecuritydojo/
- http://code.google.com/p/owaspbwa/wiki/ProjectSummary
- http://heorot.net/livecds/
- http://informatica.uv.es/~carlos/docencia/netinvm/
- http://blog.metasploit.com/2010/05/introducing-metasploitable.html
- http://www.kioptrix.com/blog/
- http://pynstrom.net/index.php?page=holynix.php
- http://www.dvwa.co.uk/
- http://www.damnvulnerablelinux.org
- http://www.hacking-lab.com/hl_livecd/
- http://www.krash.in/bond00/pWnOS%20v1.0.zip
- http://sourceforge.net/projects/virtualhacking/files/
- http://digitaloffense.net/tools/UltimateLAMP-0.2.zip.torrent (Info: http://ronaldbradford.com/blog/ultimatelamp-2006-05-19/)
- http://www.badstore.net/
- https://github.com/adamdoupe/WackoPicko
- http://sourceforge.net/projects/lampsecurity/files/
- http://www.bonsai-sec.com/en/research/moth.php
Vulnerable Software
Tools
My dump folder for tools or guides related to doing cool things with them. Partially parsed, hasn't really been inspected for relevancy. Needs a LOT of help, parsing, additions, etc. I added a new section, Reverse Engineering and SAP
OSINT/Metadata
- http://www.informatica64.com/DownloadFOCA/
- http://www.edge-security.com/metagoofil.php
- http://www.sno.phy.queensu.ca/~phil/exiftool/
- http://lcamtuf.coredump.cx/strikeout/
- http://www.edge-security.com/theHarvester.php
- http://www.mavetju.org/unix/dnstracer-man.php
- http://www.paterva.com/web5/client/community.php
Google Hacking
- http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
- http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
- http://sqid.rubyforge.org/#next
- http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
Web
- http://w3af.sourceforge.net/
- http://sqlmap.sourceforge.net/
- http://www.bindshell.net/tools/beef
- http://sourceforge.net/projects/yokoso/
- http://blindelephant.sourceforge.net/
- http://websecuritytool.codeplex.com/documentation?referringTitle=Home
- http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
- http://code.google.com/p/fimap/
- http://code.google.com/p/skipfish/
- http://code.google.com/p/fm-fsf/
- http://sourceforge.net/projects/rips-scanner/
- http://www.divineinvasion.net/authforce/
- http://andlabs.org/tools.html#sotf
- http://xsser.sourceforge.net/
Social Engineering
Passwords
- http://nmap.org/ncrack/
- http://www.foofus.net/jmk/medusa/medusa.html
- http://ophcrack.sourceforge.net/
- http://www.foofus.net/~jmk/rdesktop.html
- http://hashcrack.blogspot.com/
- http://www.oxit.it/
Wordlists
Metasploit
- http://www.offensive-security.com/metasploit-unleashed/
- http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
- http://code.google.com/p/msf-hack/wiki/WmapNikto
- http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
- http://seclists.org/metasploit/
- http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
- http://meterpreter.illegalguy.hostzi.com/
- http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
- http://blog.metasploit.com/2010/03/automating-metasploit-console.html
- http://www.workrobot.com/sansfire2009/561.html
- http://www.irongeek.com/i.php?page=videos/metasploit-class
- http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
- http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
- http://vimeo.com/16925188
- http://vimeo.com/16852783
- http://milo2012.wordpress.com/2009/09/27/xlsinjector/
- http://www.fastandeasyhacking.com
- http://www.hackcommunity.com/Thread-Metasploit-Mega-Primer-Over-300-Minutes-of-Video-Tutorial
- https://trunk.ly/Opexxx/?t=metasploit
- http://www.fastandeasyhacking.com/
The section marked "msf or easy" contains links to the Nessus plugins that are in Metasploit.
NSE
Misc
- http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
- http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
Scanners
- http://asturio.gmxhome.de/software/sambascan2/i.html
- http://seccubus.com/
- http://arachni.segfault.gr/news
- http://www.websecurify.com/
Proxies
Burp
- http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
- http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
- http://sourceforge.net/projects/belch/files/
- http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools
- http://blog.ombrepixel.com/post/2010/09/09/Running-w3af-plugins-in-Burp-Suite
- http://andlabs.org/tools.html#dser
Exploitation Utils/Post Exploitation
Netcat
- http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
- http://www.radarhack.com/tutorial/ads.pdf
- http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
- http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
- http://www.dest-unreach.org/socat/
- http://www.antionline.com/archive/index.php/t-230603.html
- http://technotales.wordpress.com/2009/06/14/netcat-tricks/
- http://seclists.org/nmap-dev/2009/q1/581
- http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
- http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
- http://gse-compliance.blogspot.com/2008/07/netcat.html
Web Attack Strings
Source Code
SAP
Tool Listings / Sites
- http://www.packetstormsecurity.org/tools100.html
- http://tools.securitytube.net/index.php?title=Main_Page
- http://www.darknet.org.uk/
- http://www.pentestit.com/
- http://dirk-loss.de/python-tools.htm
- http://xrayoptics.by.ru/database/
Reverse Engineering
- http://www.radare.org/y/
- http://www.ollydbg.de/
- http://www.hex-rays.com/idapro/
- http://www.immunityinc.com/products-immdbg.shtml
- http://visi.kenshoto.com/
Wireless
Web Vectors
I do a lot of web stuff. Here are some web vectors and associated useful docs and cheatsheets on each of them. Could always use more in these sections.
SQLi
- http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
- http://isc.sans.edu/diary.html?storyid=9397
- http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
- http://www.evilsql.com/main/index.php
- http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
- http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
- http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
- http://sqlzoo.net/hack/
- http://www.sqlteam.com/article/sql-server-versions
- http://www.krazl.com/blog/?p=3
- http://www.owasp.org/index.php/Testing_for_MS_Access
- http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
- http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
- http://www.youtube.com/watch?v=WkHkryIoLD0
- http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
- http://vimeo.com/3418947
- http://sla.ckers.org/forum/read.php?24,33903
- http://websec.files.wordpress.com/2010/11/sqli2.pdf
- http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
- http://ha.ckers.org/sqlinjection/
- http://lab.mediaservice.net/notes_more.php?id=MSSQL
Upload Tricks
- http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
- http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
- http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
- http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
- http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
- http://www.ravenphpscripts.com/article2974.html
- http://www.acunetix.com/cross-site-scripting/scanner.htm
- http://www.vupen.com/english/advisories/2009/3634
- http://msdn.microsoft.com/en-us/library/aa478971.aspx
- http://dev.tangocms.org/issues/237
- http://seclists.org/fulldisclosure/2006/Jun/508
- http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
- http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
- http://shsc.info/FileUploadSecurity
LFI/RFI
- http://pastie.org/840199
- http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
- http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
- http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
- http://www.digininja.org/blog/when_all_you_can_do_is_read.php
XSS
- http://www.infosecwriters.com/hhworld/hh8/csstut.htm
- http://www.technicalinfo.net/papers/CSS.html
- http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
- http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
- https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
- http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
- http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
- http://heideri.ch/jso/#javascript
- http://www.reddit.com/r/xss/
- http://sla.ckers.org/forum/list.php?2
Coldfusion
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
- http://zastita.com/02114/Attacking_ColdFusion..html
- http://www.nosec.org/2010/0809/629.html
- http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
- http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
Sharepoint
Lotus
- http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
- http://seclists.org/pen-test/2002/Nov/43
- http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBoss
- http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
- http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
VMWare Web
Oracle App Servers
- http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
- http://www.owasp.org/index.php/Testing_for_Oracle
- http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
- http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
- http://www.ngssoftware.com/papers/hpoas.pdf
Misc Sec / Uncategorized
Not categorized, misc, and randomness.
- http://www.ikkisoft.com/stuff/SMH_XSS.txt
- http://vimeo.com/user2720399
- http://rubular.com/
- http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
- http://www.thesecurityrookies.com/
- http://mywiki.wooledge.org/BashPitfalls
- http://whatthefuckismyinformationsecuritystrategy.com/
- http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
- http://carnal0wnage.attackresearch.com/node/410
- http://www.sensepost.com/blog/4552.html
- http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
- http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
- http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
- http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
- http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
- http://junker.org/~tkh16/ncat-for-netcat-users.php
- http://secdocs.lonerunners.net/
- http://www.pentest-standard.org/index.php/Main_Page
Passwords and Hashes
Links pertaining to brute-forcing, rainbow tables, hashing, cracking, etc
MSSQL Hashes
Attacking SMB
Cracking LM / NTLM
MiTM
It's not even parsed yet, nor has it really been inspected for relevancy. Needs lots of work.
- http://www.giac.org/certified_professionals/practicals/gsec/0810.php
- http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
- http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
- http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
- http://www.mindcenter.net/uploads/ECCE101.pdf
- http://toorcon.org/pres12/3.pdf
- http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
- http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
- http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
- http://www.oact.inaf.it/ws-ssri/Costa.pdf
- http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
- http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
- http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
- http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
- http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
- http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
- http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
- http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
- http://articles.manugarg.com/arp_spoofing.pdf
- http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
- http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
- http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
Hacker Media
Needs additions to main pages of con video archives. It's an okay start though. Needs work.
- http://avondale.good.net/dl/bd/
- http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
- http://www.youtube.com/user/ChRiStIaAn008
- http://www.youtube.com/user/HackingCons
- http://www.irongeek.com/i.php?page=videos/aide-winter-2011
- http://www.woodmann.com/TiGa/idaseries.html
- http://www.securitytube.net
- http://www.hackernews.com/
Magazines
Capture the Flag/Wargames
- http://intruded.net/
- http://smashthestack.org/
- http://flack.hkpco.kr/
- http://ctf.hcesperer.org/
- http://ictf.cs.ucsb.edu/