-
-
Save kelamrani/85975b4527623cc85783db011943b3f7 to your computer and use it in GitHub Desktop.
All links from Hacker Playbook 3, with bit.ly links unfurled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Document infos: | |
| - Author = Peter Kim | |
| - CreationDate = D:20180505020009+00'00' | |
| - Creator = calibre 2.69.0 [https://calibre-ebook.com] | |
| - Pages = 308 | |
| - Producer = calibre 2.69.0 [https://calibre-ebook.com] | |
| - Title = The Hacker Playbook 3: Practical Guide To Penetration Testing | |
| - dc = {'publisher': ['Secure Planet'], 'description': {'x-default': None}, 'language': ['en'], 'creator': ['Peter Kim'], 'title': {'x-default': 'The Hacker Playbook 3: Practical Guide To Penetration Testing'}, 'date': ['2018-05-01T00:00:00+02:00'], 'subject': []} | |
| - http://calibre-ebook.com/xmp-namespace = {'timestamp': '2018-05-03T18:05:43.134685+02:00', 'author_sort': 'Kim, Peter'} | |
| - xap = {'Identifier': ['\n '], 'MetadataDate': '2018-05-05T04:00:09.811485+02:00'} | |
| References: 521 | |
| - URL: 521 | |
| - PDF: 1 | |
| URL References: | |
| - https://www.windowscentral.com/how-permanently-disable-windows-defender-antivirus-windows-10 | |
| - https://github.com/cyberspacekittens/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Real-Password-WPA-MegaLinks.md | |
| - http://webserver/payload | |
| - https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Invoke-NinjaCopy.ps1 | |
| - laurent.blogspot.com/2016/10/introducing-responder-multirelay-10.html | |
| - https://github.com/trustedsec/nps_payload | |
| - vpn.loca1host.com | |
| - https://www.fireeye.com/blog/threat- | |
| - 2Fcyberspacekittens.com | |
| - https://www.w3schools.com/tags/ref_eventattributes.asp | |
| - https://github.com/mitre/caldera | |
| - https://lightsail.aws.amazon.com/ | |
| - http://blog.portswigger.net/2015/08/server-side-template-injection.html | |
| - https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you- | |
| - http://www.fuzzysecurity.com/tutorials/16.html | |
| - https://github.com/trustedsec/social-engineer-toolkit | |
| - https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors | |
| - https://github.com/breenmachine/httpscreenshot | |
| - lethalsecurity.com | |
| - https://www.vulnerability- | |
| - https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029#diff-025d24bfdd78aa27353572d067da50b3L260 | |
| - https://imagetragick.com/ | |
| - https://shop.riftrecon.com/products/under-the-door-tool | |
| - a0.awsstatic.com | |
| - https://mail.cyberspacekittens.com/owa/auth/logon.aspx | |
| - https://buer.haus/breport/index.php | |
| - https://blog.kchung.co/rfid- | |
| - http://thehackerplaybook.com/training/ | |
| - https://github.com/lukebaggett/dnscat2-powershell | |
| - http://chat:3000/ssrf | |
| - https://github.com/luin/serialize/search?utf8=%E2%9C%93&q=eval&type= | |
| - https://blog.christophetd.fr/abusing-aws-metadata-service-using-ssrf-vulnerabilities/ | |
| - https://github.com/cyberspacekittens/password_cracking_rules | |
| - https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658 | |
| - https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/Sample- | |
| - https://github.com/anshumanbh/git-all-secrets | |
| - https://www.social-engineer.org/wp-content/uploads/2017/11/SECTF-2017.pdf | |
| - http://hackerwarehouse.com/product/proxmark3-rdv2-kit/ | |
| - https://gist.githubusercontent.com/cheetz/4d6a26bb122a942592ab9ac21894e57b/raw/f58e82c9abfa46a932eb92edbe6b18214141439b/all.txt | |
| - https://github.com/thealpiste/C_ReverseHTTPS_Shellcode | |
| - https://www.owasp.org/images/3/3c/OWASP_Top_10_-_2017_Release_Candidate1_English.pdf | |
| - http://mirrors.jenkins.io/war-stable/1.651.2/ | |
| - https://github.com/Coalfire-Research/Red-Baron | |
| - https://github.com/cheetz/sslScrape | |
| - https://www.us-cert.gov/ncas/alerts/TA13-088A | |
| - https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ | |
| - https://github.com/robertdavidgraham/masscan | |
| - https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/ | |
| - https://bugs.chromium.org/p/project-zero/issues/detail?id=1428 | |
| - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot | |
| - https://github.com/tennc/webshell | |
| - https://github.com/cheetz/dnscat2/tree/master/server/controller | |
| - http://www.harmj0y.net/blog/empire/empire-1-5/ | |
| - https://msdn.microsoft.com/en- | |
| - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project | |
| - pipl.com | |
| - mail.google.com | |
| - https://technet.microsoft.com/en- | |
| - Censys.io | |
| - https://serverfault.com/questions/356123/how-to-allow-just-one-user-to-login-in-special-computer-in-server-2003 | |
| - testlab.company.com | |
| - https://github.com/cheetz/THP-ChatSupportSystem/blog/master/lab.txt | |
| - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb | |
| - https://www.youtube.com/watch | |
| - https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/ | |
| - https://github.com/rsmudge/Malleable-C2-Profiles/blob/master/normal/amazon.profile | |
| - https://www.eff.org/pages/legal-assistance | |
| - https://gist.githubusercontent.com/scumjr/17d91f20f73157c722ba2aea702985d2/raw/a37178567ca7b816a5c6f891080770feca5c74d7/dirtycow-mem.c | |
| - https://www.us-cert.gov/ncas/alerts/TA18-086A | |
| - https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/ | |
| - https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a- | |
| - https://www.mdsec.co.uk/2018/03/payload-generation-using- | |
| - https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1 | |
| - https://github.com/hashcat/hashcat-utils/releases | |
| - https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a#df21 | |
| - https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection | |
| - http://chat:3000/xss | |
| - thehackerplaybook.com/updates | |
| - https://en.wikipedia.org/wiki/Immediately-invoked_function_expression | |
| - https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application- | |
| - https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content | |
| - https://github.com/cheetz/hidemyps | |
| - https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/ | |
| - https://github.com/danielbohannon/Invoke-Obfuscation | |
| - https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/ | |
| - https://www.arin.net/ | |
| - https://www.trustwave.com/Resources/SpiderLabs-Blog/Simplifying-Password-Spraying/ | |
| - https://github.com/EmpireProject/Empire | |
| - https://github.com/rebootuser/LinEnum | |
| - http://sqlmap.org/ | |
| - https://rileykidd.com/2017/08/03/application-whitelist-bypass- | |
| - https://wiki.skullsecurity.org/Passwords | |
| - https://github.com/ChrisTruncer/EyeWitness | |
| - https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellIcmp.ps1 | |
| - https://thehackernews.com/2017/12/data- | |
| - https://github.com/blechschmidt/massdns | |
| - https://medium.com/@mirkatson/running-metasploit-on-kali-linux-docker-aws-ec2-instance-a2f7d7310b2b | |
| - https://github.com/bluscreenofjeff/AggressorScripts/blob/master/mimikatz-every-30m.cna | |
| - https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs | |
| - http://getgophish.com/documentation/ | |
| - https://github.com/mdsecactivebreach/SharpShooter | |
| - https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/ | |
| - https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password- | |
| - n.name | |
| - https://bugs.chromium.org/p/project-zero/issues/list | |
| - https://snyk.io/test/npm/node-serialize | |
| - http://chat:3000/ti | |
| - https://github.com/Ne0nd0g/merlin | |
| - https://github.com/hashcat/hashcat/tree/master/rules | |
| - https://github.com/harleyQu1nn/AggressorScripts | |
| - https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| - https://www.esecurityplanet.com/network-security/unpatched-open-source-software-flaw-blamed-for-massive-equifax-breach.html | |
| - https://powersploit.readthedocs.io/en/latest/Recon/Invoke- | |
| - https://github.com/GreatSCT/GreatSCT/tree/develop | |
| - https://inteltechniques.com/OSINT/pastebins.html | |
| - https://i.imgur.com/FdtLoFI.jpg | |
| - https://github.com/nccgroup/demiguise | |
| - https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/ | |
| - http://security.debian.org/debian- | |
| - https://github.com/christophetd/censys-subdomain-finder | |
| - msg.name | |
| - https://github.com/lgandx/Responder.git | |
| - https://github.com/frohoff/ysoserial | |
| - SkullSecurity.org | |
| - https://www.offensive-security.com/metasploit-unleashed/fun-incognito/ | |
| - https://nakedsecurity.sophos.com/2012/02/20/jail-facebook-ethical-hacker/ | |
| - https://github.com/cheetz/thpDropper.git | |
| - http://thehackerplaybook.com/get.php?type=XXE-vm | |
| - https://msdn.microsoft.com/en-us/library/windows/desktop/dd375731(v=vs.85).aspx | |
| - http://thehackerplaybook.com/get.php?type=csk-web | |
| - https://enigma0x3.net/2017/01/23/lateral-movement-via- | |
| - https://room362.com/post/2017/dump-laps-passwords-with- | |
| - http://www.pentest-standard.org | |
| - http://cyberspacekittens.com | |
| - https://github.com/rapid7/metasploit- | |
| - https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization- | |
| - https://centralops.net/co/domaindossier.aspx | |
| - https://www.blackhillsinfosec.com/evade-application-whitelisting- | |
| - http://ubm.io/2GI5EAq | |
| - https://github.com/leebaird/discover | |
| - http://www.ubuntuboss.com/how-to-install-openvpn-access-server-on-ubuntu- | |
| - https://crackstation.net/files/crackstation.txt.gz | |
| - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ | |
| - https://www.youtube.com/watch?v=vxXLJSbx1SI | |
| - https://github.com/bluscreenofjeff/Malleable-C2-Randomizer | |
| - https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator | |
| - https://github.com/cyberspacekittens/nsa-rules | |
| - https://en.wikipedia.org/wiki/String_interpolation | |
| - https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb | |
| - http://thehackerplaybook.com/get.php?type=csk-lab | |
| - https://msdn.microsoft.com/en-us/library/windows/desktop/ms741563(v=vs.85).aspx | |
| - https://github.com/rsmudge/Malleable-C2-Profiles | |
| - https://github.com/api0cradle/UltimateAppLockerByPassList | |
| - https://github.com/tanprathan/OWASP-Testing-Checklist | |
| - https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Mimikatz.ps1 | |
| - https://github.com/nahamsec/HostileSubBruteforcer | |
| - https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic- | |
| - 2fmail.cyberspacekittens.com | |
| - https://github.com/epinna/tplmap | |
| - http://chat:3000/serverStatus?text=1 | |
| - http://www.piotrbania.com/all/kon- | |
| - https://www.microsoft.com/en-us/download/details.aspx?id=41653 | |
| - http://ubm.io/2ECTYSi | |
| - docs.google.com | |
| - https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XXE- | |
| - https://github.com/cheetz/ceylogger/blob/master/callback | |
| - https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on | |
| - https://hackerone.com/reports/128088 | |
| - https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241 | |
| - https://www.southord.com/ | |
| - mailcyberspacekittens.com | |
| - http://releases.llvm.org/download.html | |
| - www.amazon.com | |
| - https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection | |
| - https://github.com/hak5/bashbunny-payloads.git | |
| - https://censys.io/ | |
| - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot | |
| - https://html5sec.org/ | |
| - http://chat:3000/chatchannel/1 | |
| - https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/ | |
| - https://amzn.to/2ItaySR | |
| - https://github.com/Cn33liz/p0wnedShell | |
| - https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows | |
| - https://github.com/s0lst1c3/eaphammer | |
| - https://bitrot.sh/post/30-11-2017- | |
| - company.com | |
| - https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection | |
| - https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/ | |
| - https://www.synack.com/red- | |
| - https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/ | |
| - https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm- | |
| - meetup.com | |
| - https://hashcat.net/wiki/doku.php | |
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5941 | |
| - https://xsshunter.com | |
| - https://www.lockpickshop.com/GATE-BYPASS.html | |
| - https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029 | |
| - https://hashes.org/left.php | |
| - https://github.com/foospidy/payloads/tree/master/other/xss | |
| - https://github.com/gentilkiwi/mimikatz | |
| - https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142 | |
| - https://github.com/Pepitoh/VBad | |
| - https://gist.github.com/enigma0x3/8d0cabdb8d49084cdcf03ad89454798b | |
| - https://trick77.com/how-to-set-up-transparent-vpn-internet-gateway-tunnel- | |
| - mechanicus.com/codex/hashpass/hashpass.php | |
| - https://medium.com/@iraklis/running-hashcat- | |
| - https://github.com/porterhau5/BloodHound-Owned | |
| - https://medium.com/@tomac/a-15-openwrt-based-diy-pen-test-dropbox- | |
| - https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection | |
| - http://webserver/payload.hta | |
| - http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe | |
| - https://github.com/digininja/pipal | |
| - https://www.digitalocean.com/products/compute | |
| - https://wald0.com/?p=112 | |
| - https://github.com/sensepost/ruler | |
| - https://www.hak5.org/gear/packet-squirrel/docs | |
| - https://samy.pl/poisontap/ | |
| - http://www.rapid7.com/db/modules/post/windows/manage/priv_migrate | |
| - https://nodejs.org/en/ | |
| - https://github.com/cyberspacekittens/Hob0Rules | |
| - http://php.net/manual/en/wrappers.php.php | |
| - https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html | |
| - http://contest- | |
| - https://github.com/EmpireProject/Empire/blob/master/data/module_source/situational_awareness/network/powerview.ps1 | |
| - https://blog.websecurify.com/2014/08/hacking-nodejs-and- | |
| - Bit.ly | |
| - http://swupdate.openvpn.org/as/openvpn-as- | |
| - mail.cyberspacekittens.com | |
| - https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter | |
| - www.owasp.org/index.php/Testing_for_NoSQL_injection | |
| - https://www.youtube.com/watch?v=dQw4w9WgXcQ | |
| - https://bneg.io/2017/07/26/empire-without-powershell-exe/ | |
| - https://gist.github.com/jgamblin/7d64a284e5291a444e12c16daebc81e0 | |
| - https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1 | |
| - https://github.com/cheetz/ceylogger/blob/master/skeleton | |
| - http://chat:3000/hacked.txt | |
| - https://github.com/PowerShell/PowerShell/releases/download/v6.0.2/powershell_6.0.2- | |
| - https://github.com/trustedsec/ptf | |
| - https://github.com/OJ/gobuster | |
| - cnn.com | |
| - https://gist.github.com/staaldraad/01415b990939494879b4 | |
| - https://github.com/pentestgeek/phishing-frenzy | |
| - lab.com/list-of-bug-bounty-programs.php | |
| - https://nmap.org/nsedoc/scripts/smb-security-mode.html | |
| - http://beefproject.com/ | |
| - www.google.com | |
| - http://ubr.to/2hIO2tZ | |
| - cyberspacekittens.com | |
| - https://helpdeskgeek.com/how-to/windows-join-domain/ | |
| - http://www.nvidia.com/object/tesla-servers.html | |
| - https://www.hackerone.com | |
| - https://aws.amazon.com/service-terms/ | |
| - www.msdn.microsoft.com | |
| - https://raw.githubusercontent.com/cyberspacekittens/XSS/master/XSS2.png | |
| - https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/smart_hashdump.rb | |
| - socket.io | |
| - https://ip-ranges.amazonaws.com/ip-ranges.json | |
| - https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon | |
| - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx | |
| - https://stackoverflow.com/questions/3871729/transmitting-newline-character-n | |
| - https://github.com/cyberspacekittens/bloodhound | |
| - http://chat:3000/directmessage | |
| - https://github.com/GreatSCT/GreatSCT | |
| - https://github.com/DhavalKapil/icmptunnel | |
| - https://portswigger.net/burp | |
| - https://github.com/bbb31/slurp | |
| - https://pugjs.org/language/interpolation.html | |
| - https://expressjs.com/ | |
| - https://room362.com/post/2016/snagging-creds-from-locked-machines/ | |
| - https://www.forbes.com/sites/thomasbrewster/2015/12/17/facebook- | |
| - https://github.com/ustayready/CredSniper | |
| - CTFTime.org | |
| - http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu55_55.1- | |
| - https://github.com/cyberspacekittens/metasploit-payloads/tree/master/c/x64_defender_bypass | |
| - http://g- | |
| - https://hashcat.net/wiki/doku.php?id=example_hashes | |
| - https://github.com/Kevin- | |
| - http://thehackerplaybook.com/subscribe/ | |
| - https://wappalyzer.com/ | |
| - Hashes.org | |
| - https://github.com/cyberspacekittens/metasploit-framework | |
| - shell-storm.org | |
| - http://thehackerplaybook.com/get.php?type=THP-vm | |
| - http://chat:3000/accounts.txt | |
| - https://dirtycow.ninja/ | |
| - https://artkond.com/2017/03/23/pivoting-guide/#vpn-over-ssh | |
| - https://github.com/rapid7/metasploitable3 | |
| - https://blog.websecurify.com/2017/02/hacking-node-serialize.html | |
| - https://www.esecurityplanet.com/network-security/almost-a-third-of-all-u.s.-businesses- | |
| - https://github.com/porterhau5/BloodHound- | |
| - https://msdn.microsoft.com/en-us/library/windows/desktop/ms648774(v=vs.85).aspx | |
| - https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241 | |
| - https://pugjs.org/ | |
| - https://openvpn.net/index.php/access-server/download-openvpn- | |
| - https://en.wikipedia.org/wiki/Sony_Pictures_hack | |
| - https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute- | |
| - https://github.com/cyberspacekittens/metasploit-payloads | |
| - https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection | |
| - http://thehackerplaybook.com/get.php?type=THP-password | |
| - https://github.com/hak5/bashbunny- | |
| - https://github.com/Plazmaz/Sublist3r | |
| - 2010.korelogic.com/rules.html | |
| - https://github.com/GreatSCT/GreatSCT.git | |
| - https://github.com/EmpireProject/Empire/blob/master/data/module_source/trollsploit/Get- | |
| - http://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay- | |
| - https://github.com/samratashok/nishang | |
| - https://github.com/putterpanda/mimikittenz | |
| - https://builtwith.com/ | |
| - http://test.cyberspacekittens.com | |
| - https://github.com/harleyQu1nn/AggressorScripts | |
| - https://github.com/secretsquirrel/the-backdoor-factory | |
| - https://www.lockpickshop.com/SJ-50.html | |
| - http://psbdmp.ws/ | |
| - https://thesprawl.org/projects/pack/ | |
| - http://www.sixdub.net/?p=555 | |
| - https://bashbunny.com/downloads | |
| - https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download- | |
| - cyberspacekittens.s3.amazonaws.com | |
| - https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS | |
| - https://github.com/danielbohannon/Invoke-CradleCrafter | |
| - https://www.powershellempire.com/?page_id=273 | |
| - https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access- | |
| - http://flaws.cloud/ | |
| - https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a | |
| - http://www.agarri.fr/docs/AppSecEU15- | |
| - https://github.com/EmpireProject/Empire/blob/master/data/module_source/privesc/PowerUp.ps1 | |
| - https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d | |
| - https://github.com/cheetz/jenkins-decrypt | |
| - https://github.com/cyberspacekittens/SecLists | |
| - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents | |
| - http://chat:3000/nosql2 | |
| - SMBExec.ps | |
| - https://github.com/luin/serialize | |
| - http://192.168.10.2-254 | |
| - https://bugcrowd.com/programs | |
| - https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/ | |
| - https://raw.githubusercontent.com/cheetz/dirtycow/master/THP-Lab | |
| - https://gist.github.com/rain- | |
| - https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection | |
| - https://github.com/securestate/king-phisher | |
| - https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/README.md | |
| - https://amzn.to/2I6lSry | |
| - https://github.com/s0lst1c3/eaphammer#iv–indirect-wireless- | |
| - http://chat:3000/ti?user=*&comment=asdfasdf&link= | |
| - https://github.com/cheetz/generateJenkinsExploit | |
| - https://github.com/cheetz/generateJenkinsExploit | |
| - https://github.com/iagox86/dnscat2 | |
| - lanturtle.com | |
| - https://medium.com/@clong/introducing-detection-lab-61db34bed6ae | |
| - https://github.com/BloodHoundAD/BloodHound | |
| - https://cloud.google.com/compute/docs/faq#ipranges | |
| - https://github.com/cyberspacekittens/Probable-Wordlists/tree/master/Dictionary-Style | |
| - meetup.com/lethal | |
| - https://github.com/bluscreenofjeff/AggressorScripts | |
| - http://chat:3000 | |
| - http://webserver/payload.b64 | |
| - https://github.com/iagox86/dnscat2.git | |
| - https://github.com/s0lst1c3/eaphammer#iii–stealing-ad-credentials-using-hostile-portal- | |
| - https://github.com/CoreSecurity/impacket.git | |
| - https://blog.cptjesus.com/posts/introtocypher | |
| - https://aws.amazon.com/s/dm/optimization/server-side- | |
| - loca1host.com | |
| - https://www.abatchy.com/2017/05/introduction-to-manual- | |
| - https://github.com/eladshamir/Internal-Monologue | |
| - http://10.100.100.9/malware.payload | |
| - https://github.com/brannondorsey/PassGAN | |
| - https://github.com/JordyZomer/autoSubTakeover | |
| - github.com | |
| - http://gnuwin32.sourceforge.net/packages/make.htm | |
| - https://github.com/jamesbarlow/icmptunnel | |
| - https://github.com/clong/DetectionLab | |
| - https://www.cybereason.com/blog/dcom-lateral-movement-techniques | |
| - Microsoft.NET | |
| - http://chat:3000/ | |
| - http://www.adeptus- | |
| - https://www.cyberscoop.com/dji-bug-bounty-drone-technology-sean-melia- | |
| - https://sensepost.com/blog/2017/outlook-forms-and-shells/ | |
| - https://github.com/cheetz/brutescrape | |
| - http://hashcat.net/wiki/doku.php?id=example_hashes | |
| - https://github.com/bhdresh/CVE-2017-0199 | |
| - https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick | |
| - https://github.com/cheetz/THP-ChatSupportSystem/blob/master/lab.txt | |
| - http://pages.ebay.com/securitycenter/Researchers.html | |
| - https://github.com/mzet-/linux-exploit- | |
| - http://contest-2010.korelogic.com/rules-hashcat.html | |
| - https://github.com/SpiderLabs/portia | |
| - https://github.com/decoder-it/psgetsystem | |
| - https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/ | |
| - https://downloads.pwnedpasswords.com/passwords/pwned-passwords- | |
| - testlab.s3.amazonaws.com | |
| - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20injection | |
| - https://weakpass.com/wordlist | |
| - https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/ms-office/subdoc-injector/subdoc_injector.py | |
| - attacker.com | |
| - git-scm.com | |
| - http://code.gerade.org/hans/ | |
| - https://www.youtube.com/watch?v=Aatp5gCskvk | |
| - https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/ | |
| - http://www.informationisbeautiful.net/visualizations/worlds-biggest-data- | |
| - meetup.com/LETHAL | |
| - https://www.wifipineapple.com/pages/nano | |
| - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644974(v=vs.85).aspx | |
| - https://chrome.google.com/webstore/detail/retirejs/moibopkbhjceeedibkbkbchbjnkadmom | |
| - http://www.jsfuck.com/ | |
| - https://github.com/IVMachiavelli/OSINT_Team_Links | |
| - https://github.com/cheetz/THP- | |
| - https://github.com/TheRook/subbrute | |
| - https://github.com/cyberspacekittens/dnscat2 | |
| - https://github.com/curi0usJack/luckystrike | |
| - https://www.npmjs.com/package/qs | |
| - http://www.xss-payloads.com/payloads-list.html | |
| - https://github.com/peewpw/Invoke- | |
| - https://github.com/lgandx/Responder | |
| - https://www.cobaltstrike.com/aggressor-script/index.html | |
| - https://raw.githubusercontent.com/nidem/kerberoast/master/GetUserSPNs.ps1 | |
| - Exploit.In | |
| - http://osintframework.com/ | |
| - https://lightsail.aws.amazon.com | |
| - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | |
| - http://insecure.org/search.html?q=privilege%20escalation | |
| - https://www.hak5.org/episodes/hak5-1921-access-internal-networks-with- | |
| - https://github.com/derv82/wifite2 | |
| - http://webserver/payload.sct | |
| - https://github.com/samratashok/nishang/blob/master/Gather/Get- | |
| - https://github.com/Varbaek/xsser | |
| - https://github.com/Narcolapser/python-o365#email | |
| - https://github.com/cheetz/ceylogger/tree/master/version1 | |
| - https://github.com/cheetz/ceylogger/tree/master/version2 | |
| - https://github.com/cheetz/ceylogger/tree/master/version3 | |
| - https://pugjs.org/language/code.html | |
| - http://chat:3000/nosql | |
| - https://xsshunter.com/app | |
| - https://hackerone.com/reports/121461 | |
| - https://github.com/leostat/rtfm | |
| - https://www.shodan.io | |
| - https://www.cobaltstrike.com/help-smb-beacon | |
| - https://www.cobaltstrike.com/help-smb- | |
| - https://www.usenix.org/conference/usenixsecurity16/technical- | |
| - https://github.com/mdsecactivebreach/CACTUSTORCH | |
| - https://github.com/guelfoweb/knock/blob/4.1/knockpy/wordlist/wordlist.txt | |
| - https://github.com/cyberspacekittens/ReflectiveDLLInjection/commit/33d1e515124966661a754b02a15c1469621637ae | |
| - https://pugjs.org/language/code.html#unescaped-buffered-code | |
| - https://github.com/kgretzky/evilginx | |
| - https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library | |
| - https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing- | |
| - https://github.com/trustedsec/unicorn | |
| - https://hakshop.com/collections/usb-rubber-ducky | |
| - testlab.s3.amazon.com | |
| - https://www2.fireeye.com/rs/848-DID- | |
| - https://github.com/nettitude/PoshC2 | |
| - https://github.com/Arno0x/EmbedInHTML | |
| - https://github.com/sekirkity/BrowserGather | |
| - https://haiderm.com/fully-undetectable-backdooring-pe-file/#Code_Caves | |
| - https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/ | |
| - www.SecurePla.net | |
| - https://porterhau5.com/blog/extending-bloodhound-track-and-visualize- | |
| - Lightsail.aws.amazon.com | |
| - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx | |
| - https://www.youtube.com/watch?v=b7qr0laM8kA | |
| - https://github.com/huntergregal/mimipenguin | |
| - https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1 | |
| - ns1.loca1host.com | |
| - https://portswigger.net/bappstore/21df56baa03d499c8439018fe075d3d7 | |
| - https://github.com/fireeye/SessionGopher | |
| - www.meetup.com/LETHAL | |
| - https://github.com/cyberspacekittens/metasploit-payloads/commit/227832554737f7c3ffd675571fede449ac714137 | |
| - https://digi.ninja/files/bucket_finder_1.1.tar.bz2 | |
| - https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/ | |
| - https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by- | |
| - ns2.loca1host.com | |
| - https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/ | |
| PDF References: | |
| - https://www.owasp.org/images/1/19/OTGv4.pdf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment