-1- 3 Ways Extract Password Hashes from NTDS.dit:
-2- 3 ways to Capture HTTP Password in Network PC:
-3- 3 Ways to Crack Wifi using Pyrit,oclHashcat and Cowpatty:
www.hackingarticles.in/3-ways-crack-wifi-using-pyrit-oclhashcat-cowpatty/
-4-BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection:
https://medium.com/p/2e143eb36941
-5-BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality:
https://medium.com/p/a11bb5f863b3/share/twitter
-6-“Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company:
https://medium.com/p/a69afe5a0899
-7-BugBounty — “I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classi ed ads company:
https://medium.com/p/e51a945b083d
-8-BugBounty — “How I was able to shop for free!”- Payment Price Manipulation:
https://medium.com/p/b29355a8e68e
-9-Recon — my way:
https://medium.com/p/82b7e5f62e21
-10-Reconnaissance: a eulogy in three acts:
https://medium.com/p/7840824b9ef2
-11-Red-Teaming-Toolkit:
https://github.com/infosecn1nja/Red-Teaming-Toolkit
-12-Red Team Tips:
https://vincentyiu.co.uk/
-13-Shellcode: A reverse shell for Linux in C with support for TLS/SSL:
https://modexp.wordpress.com/2019/04/24/glibc-shellcode/
-14-Shellcode: Encrypting traffic:
-15-Penetration Testing of an FTP Server:
https://medium.com/p/19afe538be4b
-16-Reverse Engineering of the Anubis Malware — Part 1:
https://medium.com/p/741e12f5a6bd
-17-Privilege Escalation on Linux with Live examples:
-18-Pentesting Cheatsheets:
-19-Powershell Payload Delivery via DNS using Invoke-PowerCloud:
-20-SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES – LIST OF 4500+ GOOGLE DORKS:
https://sguru.org/ghdb-download-list-4500-google-dorks-free/
-21-SQL Injection Cheat Sheet:
-22-SQLmap’s os-shell + Backdooring website with Weevely:
https://medium.com/p/8cb6dcf17fa4
-23-SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:
https://medium.com/p/c5a3f5764cb3
-24-Top 10 Essential NMAP Scripts for Web App Hacking:
https://medium.com/p/c7829ff5ab7
-25-BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!:
https://medium.com/p/52cf5c5640a1
-26-Re ected XSS Bypass Filter:
https://medium.com/p/de41d35239a3
-27-XSS Payloads, getting past alert(1):
https://medium.com/p/217ab6c6ead7
-28-XS-Searching Google’s bug tracker to find out vulnerable source code Or how side-channel timing attacks aren’t that impractical:
https://medium.com/p/50d8135b7549
-29-Web Application Firewall (WAF) Evasion Techniques:
-30-OSINT Resources for 2019:
https://medium.com/p/b15d55187c3f
-31-The OSINT Toolkit:
https://medium.com/p/3b9233d1cdf9
-32-OSINT : Chasing Malware + C&C Servers:
https://medium.com/p/3c893dc1e8cb
-33-OSINT tool for visualizing relationships between domains, IPs and email addresses:
https://medium.com/p/94377aa1f20a
-34-From OSINT to Internal – Gaining Access from outside the perimeter:
-35-Week in OSINT #2018–35:
https://medium.com/p/b2ab1765157b
-36-Week in OSINT #2019–14:
https://medium.com/p/df83f5b334b4
-37-Instagram OSINT | What A Nice Picture:
https://medium.com/p/8f4c7edfbcc6
-38-awesome-osint:
https://github.com/jivoi/awesome-osint
-39-OSINT_Team_Links:
https://github.com/IVMachiavelli/OSINT_Team_Links
-40-Open-Source Intelligence (OSINT) Reconnaissance:
https://medium.com/p/75edd7f7dada
-41-Hacking Cryptocurrency Miners with OSINT Techniques:
https://medium.com/p/677bbb3e0157
-42-A penetration tester’s guide to sub- domain enumeration:
-43-Packages that actively seeks vulnerable exploits in the wild. More of an umbrella group for similar packages:
https://blackarch.org/recon.html
-44-What tools I use for my recon during BugBounty:
https://medium.com/p/ec25f7f12e6d
-45-Command and Control – DNS:
https://pentestlab.blog/2017/09/06/command-and-control-dns/
-46-Command and Control – WebDAV:
https://pentestlab.blog/2017/09/12/command-and-control-webdav/
-47-Command and Control – Twitter:
https://pentestlab.blog/2017/09/26/command-and-control-twitter/
-48-Command and Control – Kernel:
https://pentestlab.blog/2017/10/02/command-and-control-kernel/
-49-Source code disclosure via exposed .git folder:
-50-Pentesting Cheatsheet:
https://hausec.com/pentesting-cheatsheet/
-51-Windows Userland Persistence Fundamentals:
https://www.fuzzysecurity.com/tutorials/19.html
-52-A technique that a lot of SQL injection beginners don’t know | Atmanand Nagpure write-up:
https://medium.com/p/abdc7c269dd5
-53-awesome-bug-bounty:
https://github.com/djadmin/awesome-bug-bounty
-54-dostoevsky-pentest-notes:
https://github.com/dostoevskylabs/dostoevsky-pentest-notes
-55-awesome-pentest:
https://github.com/enaqx/awesome-pentest
-56-awesome-windows-exploitation:
https://github.com/enddo/awesome-windows-exploitation
-57-awesome-exploit-development:
https://github.com/FabioBaroni/awesome-exploit-development
-58-BurpSuit + SqlMap = One Love:
https://medium.com/p/64451eb7b1e8
-59-Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat:
https://medium.com/p/a5a5d3ffea46
-60-DLL Injection:
https://pentestlab.blog/2017/04/04/dll-injection
-61-DLL Hijacking:
https://pentestlab.blog/2017/03/27/dll-hijacking
-62-My Recon Process — DNS Enumeration:
https://medium.com/p/d0e288f81a8a
-63-Google Dorks for nding Emails, Admin users etc:
-64-Google Dorks List 2018:
https://medium.com/p/fb70d0cbc94
-65-Hack your own NMAP with a BASH one-liner:
https://medium.com/p/758352f9aece
-66-UNIX / LINUX CHEAT SHEET:
cheatsheetworld.com/programming/unix-linux-cheat-sheet/
-67-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:
https://medium.com/p/74d2bec02099
-68- information gathering:
https://pentestlab.blog/category/information-gathering/
-69-post exploitation:
https://pentestlab.blog/category/post-exploitation/
-70-privilege escalation:
https://pentestlab.blog/category/privilege-escalation/
-71-red team:
https://pentestlab.blog/category/red-team/
-72-The Ultimate Penetration Testing Command Cheat Sheet for Linux:
https://www.hackingloops.com/command-cheat-sheet-for-linux/
-73-Web Application Penetration Testing Cheat Sheet:
-74-Windows Kernel Exploits:
https://pentestlab.blog/2017/04/24/windows-kernel-exploits
-75-Windows oneliners to download remote payload and execute arbitrary code:
-76-Windows-Post-Exploitation:
https://github.com/emilyanncr/Windows-Post-Exploitation
-77-Windows Post Exploitation Shells and File Transfer with Netcat for Windows:
https://medium.com/p/a2ddc3557403
-78-Windows Privilege Escalation Fundamentals:
https://www.fuzzysecurity.com/tutorials/16.html
-79-Windows Privilege Escalation Guide:
www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
-80-Windows Active Directory Post Exploitation Cheatsheet:
https://medium.com/p/48c2bd70388
-81-Windows Exploitation Tricks: Abusing the User-Mode Debugger:
-82-VNC Penetration Testing (Port 5901):
http://www.hackingarticles.in/vnc-penetration-testing
-83- Big List Of Google Dorks Hacking:
-84-List of google dorks for sql injection:
-85-Download Google Dorks List 2019:
https://medium.com/p/323c8067502c
-86-Comprehensive Guide to Sqlmap (Target Options):
-87-EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE:
www.cybersyndicates.com/.../email-reconnaissance-phishing-template-generation-made-simple
-88-Comprehensive Guide on Gobuster Tool:
-89-My Top 5 Web Hacking Tools:
https://medium.com/p/e15b3c1f21e8
-90-[technical] Pen-testing resources:
https://medium.com/p/cd01de9036ad
-91-File System Access on Webserver using Sqlmap:
-92-kali-linux-cheatsheet:
https://github.com/NoorQureshi/kali-linux-cheatsheet
-93-Pentesting Cheatsheet:
https://anhtai.me/pentesting-cheatsheet/
-94-Command Injection Exploitation through Sqlmap in DVWA (OS-cmd):
-95-XSS Payload List - Cross Site Scripting Vulnerability Payload List:
-96-Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection:
https://www.notsosecure.com/analyzing-cve-2018-6376/
-97-Exploiting Sql Injection with Nmap and Sqlmap:
-98-awesome-malware-analysis:
https://github.com/rshipp/awesome-malware-analysis
-99-Anatomy of UAC Attacks:
https://www.fuzzysecurity.com/tutorials/27.html
-100-awesome-cyber-skills:
https://github.com/joe-shenouda/awesome-cyber-skills
-101-5 ways to Banner Grabbing:
http://www.hackingarticles.in/5-ways-banner-grabbing
-102-6 Ways to Hack PostgresSQL Login:
http://www.hackingarticles.in/6-ways-to-hack-postgressql-login
-103-6 Ways to Hack SSH Login Password:
http://www.hackingarticles.in/6-ways-to-hack-ssh-login-password
-104-10 Free Ways to Find Someone’s Email Address:
https://medium.com/p/e6f37f5fe10a
-105-USING A SCF FILE TO GATHER HASHES:
https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes
-106-Hack Remote Windows PC using DLL Files (SMB Delivery Exploit):
107-Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities:
-108-BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs):
https://medium.com/p/ef6542301c65
-109-How To Perform External Black-box Penetration Testing in Organization with “ZERO” Information:
https://gbhackers.com/external-black-box-penetration-testing
-110-A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals:
https://gbhackers.com/hacking-tools-list
-111-Most Important Considerations with Malware Analysis Cheats And Tools list:
-112-Awesome-Hacking:
https://github.com/Hack-with-Github/Awesome-Hacking
-113-awesome-threat-intelligence:
https://github.com/hslatman/awesome-threat-intelligence
-114-awesome-yara:
https://github.com/InQuest/awesome-yara
-115-Red-Team-Infrastructure-Wiki:
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
-116-awesome-pentest:
https://github.com/enaqx/awesome-pentest
-117-awesome-cyber-skills:
https://github.com/joe-shenouda/awesome-cyber-skills
-118-pentest-wiki:
https://github.com/nixawk/pentest-wiki
-119-awesome-web-security:
https://github.com/qazbnm456/awesome-web-security
-120-Infosec_Reference:
https://github.com/rmusser01/Infosec_Reference
-121-awesome-iocs:
https://github.com/sroberts/awesome-iocs
-122-blackhat-arsenal-tools:
https://github.com/toolswatch/blackhat-arsenal-tools
-123-awesome-social-engineering:
https://github.com/v2-dev/awesome-social-engineering
-124-Penetration Testing Framework 0.59:
www.vulnerabilityassessment.co.uk/Penetration%20Test.html
-125-Penetration Testing Tools Cheat Sheet :
-126-SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool:
-127-Spear Phishing 101:
https://blog.inspired-sec.com/archive/2017/05/07/Phishing.html
-128-100 ways to discover (part 1):
https://sylarsec.com/2019/01/11/100-ways-to-discover-part-1/
-129-Comprehensive Guide to SSH Tunnelling:
-130-Capture VNC Session of Remote PC using SetToolkit:
-131-Hack Remote PC using PSEXEC Injection in SET Toolkit:
-132-Denial of Service Attack on Network PC using SET Toolkit:
-133-Hack Gmail and Facebook of Remote PC using DNS Spoofing and SET Toolkit:
-134-Hack Any Android Phone with DroidJack (Beginner’s Guide):
-135-HTTP RAT Tutorial for Beginners:
http://www.hackingarticles.in/http-rat-tutorial-beginners/
-136-5 ways to Create Permanent Backdoor in Remote PC:
-137-How to Enable and Monitor Firewall Log in Windows PC:
-138-EMPIRE TIPS AND TRICKS:
https://enigma0x3.net/2015/08/26/empire-tips-and-tricks/
-139-CSRF account takeover Explained Automated/Manual:
https://medium.com/p/447e4b96485b
-140-CSRF Exploitation using XSS:
http://www.hackingarticles.in/csrf-exploitation-using-xss
-141-Dumping Domain Password Hashes:
-142-Empire Post Exploitation – Unprivileged Agent to DA Walkthrough:
https://bneg.io/2017/05/24/empire-post-exploitation/
-143-Dropbox for the Empire:
https://bneg.io/2017/05/13/dropbox-for-the-empire/
-144-Empire without PowerShell.exe:
https://bneg.io/2017/07/26/empire-without-powershell-exe/
-145-REVIVING DDE: USING ONENOTE AND EXCEL FOR CODE EXECUTION:
-146-PHISHING WITH EMPIRE:
https://enigma0x3.net/2016/03/15/phishing-with-empire/
-146-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:
-147-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND REGISTRY HIJACKING:
-148-“FILELESS” UAC BYPASS USING SDCLT.EXE:
-149-PHISHING AGAINST PROTECTED VIEW:
-150-LATERAL MOVEMENT USING EXCEL.APPLICATION AND DCOM:
-151-enum4linux Cheat Sheet:
https://highon.coffee/blog/enum4linux-cheat-sheet/
-152-enumeration:
-153-Command and Control – WebSocket:
-154-Command and Control – WMI:
https://pentestlab.blog/2017/11/20/command-and-control-wmi
-155-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:
http://thelearninghacking.com/create-virus-hack-windows/
-156-Comprehensive Guide to Nmap Port Status:
-157-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:
-158-Compromising Jenkins and extracting credentials:
-159-footprinting:
-160-awesome-industrial-control-system-security:
-161-xss-payload-list:
https://github.com/ismailtasdelen/xss-payload-list
-162-awesome-vehicle-security:
https://github.com/jaredthecoder/awesome-vehicle-security
-163-awesome-osint:
https://github.com/jivoi/awesome-osint
-164-awesome-python:
https://github.com/vinta/awesome-python
-165-Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit):
https://www.exploit-db.com/download/44830.rb
-166-nbtscan Cheat Sheet:
https://highon.coffee/blog/nbtscan-cheat-sheet/
-167-neat-tricks-to-bypass-csrfprotection:
www.slideshare.net/0ang3el/neat-tricks-to-bypass-csrfprotection
-168-ACCESSING CLIPBOAR D FROM THE LOC K SC REEN IN WI NDOWS 10 #2:
-169-NMAP CHEAT-SHEET (Nmap Scanning Types, Scanning Commands , NSE Scripts):
https://medium.com/p/868a7bd7f692
-170-Nmap Cheat Sheet:
https://highon.coffee/blog/nmap-cheat-sheet/
-171-Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV:
-172-Phishing with PowerPoint:
https://www.blackhillsinfosec.com/phishing-with-powerpoint/
-173-hide-payload-ms-office-document-properties:
-174-How to Evade Application Whitelisting Using REGSVR32:
-175-How to Build a C2 Infrastructure with Digital Ocean – Part 1:
-176-WordPress Penetration Testing using Symposium Plugin SQL Injection:
-177-Manual SQL Injection Exploitation Step by Step:
-178-MSSQL Penetration Testing with Metasploit:
-179-Multiple Ways to Get root through Writable File:
-180-MySQL Penetration Testing with Nmap:
http://www.hackingarticles.in/mysql-penetration-testing-nmap
-181-NetBIOS and SMB Penetration Testing on Windows:
-182-Network Packet Forensic using Wireshark:
-183-Escape and Evasion Egressing Restricted Networks:
-183-Awesome-Hacking-Resources:
https://github.com/vitalysim/Awesome-Hacking-Resources
-184-Hidden directories and les as a source of sensitive information about web application:
https://medium.com/p/84e5c534e5ad
-185-Hiding Registry keys with PSRe ect:
-186-awesome-cve-poc:
https://github.com/qazbnm456/awesome-cve-poc
-187-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:
https://medium.com/p/74d2bec02099
-188-Post Exploitation in Windows using dir Command:
189-Web Application Firewall (WAF) Evasion Techniques #2:
-190-Forensics Investigation of Remote PC (Part 1):
-191-CloudFront Hijacking:
-192-PowerPoint and Custom Actions:
https://cofense.com/powerpoint-and-custom-actions/
-193-Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 using Potato:
-194-How to intercept TOR hidden service requests with Burp:
https://medium.com/p/6214035963a0
-195-How to Make a Captive Portal of Death:
https://medium.com/p/48e82a1d81a/share/twitter
-196-How to find any CEO’s email address in minutes:
https://medium.com/p/70dcb96e02b0
197-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:
https://www.exploit-db.com/download/44888.txt
-198-Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation:
https://www.exploit-db.com/download/44630.txt
-199-Microsoft Word upload to Stored XSS:
-200-MobileApp-Pentest-Cheatsheet:
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
-201-awesome:
https://github.com/sindresorhus/awesome
-201-writing arm shellcode:
https://azeria-labs.com/writing-arm-shellcode/
-202-debugging with gdb introduction:
https://azeria-labs.com/debugging-with-gdb-introduction/
-203-emulate raspberrypi with qemu:
https://azeria-labs.com/emulate-raspberry-pi-with-qemu/
-204-Bash One-Liner to Check Your Password(s) via pwnedpasswords.com’s API Using the k-Anonymity Method:
https://medium.com/p/a5807a9a8056
-205-A Red Teamer's guide to pivoting:
https://artkond.com/2017/03/23/pivoting-guide/
-206-Using WebDAV features as a covert channel:
-207-A View of Persistence:
https://rastamouse.me/2018/03/a-view-of-persistence/
-208- pupy websocket transport:
https://bitrot.sh/post/28-11-2017-pupy-websocket-transport/
-209-Subdomains Enumeration Cheat Sheet:
-210-DNS Reconnaissance – DNSRecon:
https://pentestlab.blog/2012/11/13/dns-reconnaissance-dnsrecon/
-211-Cheatsheets:
https://bitrot.sh/cheatsheet
-212-Understanding Guide to Nmap Firewall Scan (Part 2):
-213-Exploit Office 2016 using CVE-2018-0802:
-214-windows-exploit-suggester:
-215-INSTALLING PRESISTENCE BACKDOOR IN WINDOWS:
-216-IDS, IPS AND FIREWALL EVASION USING NMAP:
-217-Wireless Penetration Testing Checklist – A Detailed Cheat Sheet:
218-Most Important Web Application Security Tools & Resources for Hackers and Security Professionals:
https://gbhackers.com/web-application-security-tools-resources
-219-Web Application Penetration Testing Checklist – A Detailed Cheat Sheet:
-220-Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing:
https://gbhackers.com/top-500-important-xss-cheat-sheet
-221-USBStealer – Password Hacking Tool For Windows Machine Applications:
https://gbhackers.com/pasword-hacking
-222-Most Important Mobile Application Penetration Testing Cheat sheet with Tools & Resources for Security Professionals:
https://gbhackers.com/mobile-application-penetration-testing
-223-Metasploit Can Be Directly Used For Hardware Penetration Testing Now:
-224-How to Perform Manual SQL Injection While Pentesting With Single quote Error Based Parenthesis Method:
https://gbhackers.com/manual-sql-injection-2
-225-Email Spoo ng – Exploiting Open Relay configured Public Mailservers:
https://gbhackers.com/email-spoofing-exploiting-open-relay
-226-Email Header Analysis – Received Email is Genuine or Spoofed:
https://gbhackers.com/email-header-analysis
-227-Most Important Cyber Threat Intelligence Tools List For Hackers and Security Professionals:
https://gbhackers.com/cyber-threat-intelligence-tools
-228-Creating and Analyzing a Malicious PDF File with PDF-Parser Tool:
-229-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:
-230-Advanced ATM Penetration Testing Methods:
https://gbhackers.com/advanced-atm-penetration-testing-methods
-231-A8-Cross-Site Request Forgery (CSRF):
https://gbhackers.com/a8-cross-site-request-forgery-csrf
-232-Fully undetectable backdooring PE File:
https://haiderm.com/fully-undetectable-backdooring-pe-file/
-233-backdooring exe files:
https://haiderm.com/tag/backdooring-exe-files/
-234-From PHP (s)HELL to Powershell Heaven:
https://medium.com/p/da40ce840da8
-235-Forensic Investigation of Nmap Scan using Wireshark:
-236-Unleashing an Ultimate XSS Polyglot:
https://github.com/0xsobky/HackVault/wiki
-237-wifi-arsenal:
https://github.com/0x90/wifi-arsenal
-238-XXE_payloads:
https://gist.github.com/staaldraad/01415b990939494879b4
-239-xss_payloads_2016:
-240-A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.:
https://github.com/alebcay/awesome-shell
-241-The goal of this repository is to document the most common techniques to bypass AppLocker.:
https://github.com/api0cradle/UltimateAppLockerByPassList
-242-A curated list of CTF frameworks, libraries, resources and softwares:
https://github.com/apsdehal/awesome-ctf
-243-A collection of android security related resources:
https://github.com/ashishb/android-security-awesome
-244-OSX and iOS related security tools:
https://github.com/ashishb/osx-and-ios-security-awesome
-245-regexp-security-cheatsheet:
https://github.com/attackercan/regexp-security-cheatsheet
-246-PowerView-2.0 tips and tricks:
https://gist.github.com/HarmJ0y/3328d954607d71362e3c
-247-A curated list of awesome awesomeness:
https://github.com/bayandin/awesome-awesomeness
-248-Android App Security Checklist:
https://github.com/b-mueller/android_app_security_checklist
-249-Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:
https://github.com/brannondorsey/wifi-cracking
-250-My-Gray-Hacker-Resources:
https://github.com/bt3gl/My-Gray-Hacker-Resources
-251-A collection of tools developed by other researchers in the Computer Science area to process network traces:
https://github.com/caesar0301/awesome-pcaptools
-252-A curated list of awesome Hacking tutorials, tools and resources:
https://github.com/carpedm20/awesome-hacking
-253-RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.:
https://github.com/cn0xroot/RFSec-ToolKit
-254-Collection of the cheat sheets useful for pentesting:
https://github.com/coreb1t/awesome-pentest-cheat-sheets
-255-Collection of the cheat sheets useful for pentesting:
https://github.com/coreb1t/awesome-pentest-cheat-sheets
-256-Collection of the cheat sheets useful for pentesting:
https://github.com/coreb1t/awesome-pentest-cheat-sheets
-257-A curated list of awesome forensic analysis tools and resources:
https://github.com/cugu/awesome-forensics
-258-Open-Redirect-Payloads:
https://github.com/cujanovic/Open-Redirect-Payloads
-259-A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.:
https://github.com/Cyb3rWard0g/ThreatHunter-Playbook
-260-Windows memory hacking library:
https://github.com/DarthTon/Blackbone
-261-A collective list of public JSON APIs for use in security.:
https://github.com/deralexxx/security-apis
-262-An authoritative list of awesome devsecops tools with the help from community experiments and contributions.:
https://github.com/devsecops/awesome-devsecops
-263-List of Awesome Hacking places, organised by Country and City, listing if it features power and wifi:
https://github.com/diasdavid/awesome-hacking-spots
-264-A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups:
https://github.com/djadmin/awesome-bug-bounty
-265-Notes for taking the OSCP in 2097:
https://github.com/dostoevskylabs/dostoevsky-pentest-notes
-266-A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom:
https://github.com/enddo/awesome-windows-exploitation
-267-A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development:
https://github.com/FabioBaroni/awesome-exploit-development
-268-A curated list of awesome reversing resources:
https://github.com/fdivrp/awesome-reversing
-269-Git All the Payloads! A collection of web attack payloads:
https://github.com/foospidy/payloads
-270-GitHub Project Resource List:
https://github.com/FuzzySecurity/Resource-List
-271-Use your macOS terminal shell to do awesome things.:
https://github.com/herrbischoff/awesome-macos-command-line
-272-Defeating Windows User Account Control:
https://github.com/hfiref0x/UACME
-273-Free Security and Hacking eBooks:
https://github.com/Hack-with-Github/Free-Security-eBooks
-274-Universal Radio Hacker: investigate wireless protocols like a boss:
https://github.com/jopohl/urh
-275-A curated list of movies every hacker & cyberpunk must watch:
https://github.com/k4m4/movies-for-hackers
-276-Various public documents, whitepapers and articles about APT campaigns:
https://github.com/kbandla/APTnotes
-277-A database of common, interesting or useful commands, in one handy referable form:
https://github.com/leostat/rtfm
-278-A curated list of tools for incident response:
https://github.com/meirwah/awesome-incident-response
-279-A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys:
https://github.com/meitar/awesome-lockpicking
-280-A curated list of static analysis tools, linters and code quality checkers for various programming languages:
https://github.com/mre/awesome-static-analysis
-281-A Collection of Hacks in IoT Space so that we can address them (hopefully):
https://github.com/nebgnahz/awesome-iot-hacks
-281-A Course on Intermediate Level Linux Exploitation:
https://github.com/nnamon/linux-exploitation-course
-282-Kali Linux Cheat Sheet for Penetration Testers:
https://github.com/NoorQureshi/kali-linux-cheatsheet
-283-A curated list of awesome infosec courses and training resources.:
https://github.com/onlurking/awesome-infosec
-284-A curated list of resources for learning about application security:
https://github.com/paragonie/awesome-appsec
-285-an awesome list of honeypot resources:
https://github.com/paralax/awesome-honeypots
286-GitHub Enterprise SQL Injection:
-287-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis:
https://github.com/secfigo/Awesome-Fuzzing
-288-PHP htaccess injection cheat sheet:
https://github.com/sektioneins/pcc/wiki
-289-A curated list of the awesome resources about the Vulnerability Research:
https://github.com/sergey-pronin/Awesome-Vulnerability-Research
-290-A list of useful payloads and bypass for Web Application Security and Pentest/CTF:
https://github.com/swisskyrepo/PayloadsAllTheThings
-291-A collection of Red Team focused tools, scripts, and notes:
https://github.com/threatexpress/red-team-scripts
-292-Awesome XSS stuff:
https://github.com/UltimateHackers/AwesomeXSS
-293-A collection of hacking / penetration testing resources to make you better!:
https://github.com/vitalysim/Awesome-Hacking-Resources
-294-Docker Cheat Sheet:
https://github.com/wsargent/docker-cheat-sheet
-295-Decrypted content of eqgrp-auction-file.tar.xz:
https://github.com/x0rz/EQGRP
-296-A bunch of links related to Linux kernel exploitation:
https://github.com/xairy/linux-kernel-exploitation
-297-Penetration Testing 102 - Windows Privilege Escalation Cheatsheet:
www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet
-298-Pentesting Cheatsheet:
https://anhtai.me/pentesting-cheatsheet/
-299-Windows Privilege Escalation Methods for Pentesters:
-300-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:
-301-Reading Your Way Around UAC (Part 1):
-302--Reading Your Way Around UAC (Part 2):
-303-Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2):
-304-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:
https://medium.com/p/29d034c27978
-304-Automating Cobalt Strike,Aggressor Collection Scripts:
https://github.com/bluscreenofjeff/AggressorScripts
https://github.com/harleyQu1nn/AggressorScripts
-305-Vi Cheat Sheet:
https://highon.coffee/blog/vi-cheat-sheet/
-306-Network Recon Cheat Sheet:
-307-LFI Cheat Sheet:
https://highon.coffee/blog/lfi-cheat-sheet/
-308-Systemd Cheat Sheet:
https://highon.coffee/blog/systemd-cheat-sheet/
-309-Aircrack-ng Cheatsheet:
https://securityonline.info/aircrack-ng-cheatsheet/
-310-Kali Linux Cheat Sheet for Penetration Testers:
https://www.blackmoreops.com/?p=7212
-311-Wifi Pentesting Command Cheatsheet:
-312-Android Testing Environment Cheatsheet (Part 1):
-313-cheatsheet:
https://randomkeystrokes.com/category/cheatsheet/
-314-Reverse Shell Cheat Sheet:
https://highon.coffee/blog/reverse-shell-cheat-sheet/
-315-Linux Commands Cheat Sheet:
https://highon.coffee/blog/linux-commands-cheat-sheet/
-316-Linux Privilege Escalation using Sudo Rights:
-317-Linux Privilege Escalation using Misconfigured NFS:
-318-Linux Privilege Escalation by Exploiting Cronjobs:
-319-Web Penetration Testing:
http://www.hackingarticles.in/web-penetration-testing/
-320-Webshell to Meterpreter:
http://www.hackingarticles.in/webshell-to-meterpreter
-321-WordPress Penetration Testing using WPScan & Metasploit:
-322-XSS Exploitation in DVWA (Bypass All Security):
-323-Linux Privilege Escalation Using PATH Variable:
-324-VNC tunneling over SSH:
http://www.hackingarticles.in/vnc-tunneling-ssh
-325-VNC Pivoting through Meterpreter:
http://www.hackingarticles.in/vnc-pivoting-meterpreter
-326-Week of Evading Microsoft ATA - Announcement and Day 1:
-327-Abusing DNSAdmins privilege for escalation in Active Directory:
-328-Using SQL Server for attacking a Forest Trust:
-329-Empire :
http://www.harmj0y.net/blog/category/empire/
-330-8 Deadly Commands You Should Never Run on Linux:
-331-External C2 framework for Cobalt Strike:
https://www.insomniacsecurity.com/2018/01/11/externalc2.html
-332-How to use Public IP on Kali Linux:
http://www.hackingarticles.in/use-public-ip-kali-linux
-333-Bypass Admin access through guest Account in windows 10:
-334-Bypass Firewall Restrictions with Metasploit (reverse_tcp_allports):
-335-Bypass SSH Restriction by Port Relay:
-336-Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key):
-337-Bypass UAC in Windows 10 using bypass_comhijack Exploit:
-338-Bind Payload using SFX archive with Trojanizer:
-339-Capture NTLM Hashes using PDF (Bad-Pdf):
-340-Best of Post Exploitation Exploits & Tricks:
-341-Detect SQL Injection Attack using Snort IDS:
-342-Beginner Guide to Website Footprinting:
-343-How to Enable and Monitor Firewall Log in Windows PC:
-344-Wifi Post Exploitation on Remote PC:
http://www.hackingarticles.in/wifi-post-exploitation-remote-pc/
-335-Check Meltdown Vulnerability in CPU:
http://www.hackingarticles.in/check-meltdown-vulnerability-cpu
-336-XXE:
https://phonexicum.github.io/infosec/xxe.html
-337-[XSS] Re ected XSS Bypass Filter:
https://medium.com/p/de41d35239a3
-338-Engagement Tools Tutorial in Burp suite:
-339-Wiping Out CSRF:
https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f
-340-First entry: Welcome and fileless UAC bypass:
-341-Writing a Custom Shellcode Encoder:
https://medium.com/p/31816e767611
-342-Security Harden CentOS 7 :
https://highon.coffee/blog/security-harden-centos-7/
-343-THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS:
-344-MySQL:
https://websec.ca/kb/CHANGELOG.txt
-345-Deobfuscation of VM based software protection:
-346-Online Assembler and Disassembler:
-347-Shellcodes database for study cases:
http://shell-storm.org/shellcode/
-348-Dynamic Binary Analysis and Obfuscated Codes:
http://shell-storm.org/talks/sthack2016-rthomas-jsalwan.pdf
-349-How Triton may help to analyse obfuscated binaries:
http://triton.quarkslab.com/files/misc82-triton.pdf
-350-Triton: A Concolic Execution Framework:
-351-Automatic deobfuscation of the Tigress binary protection using symbolic execution and LLVM:
https://github.com/JonathanSalwan/Tigress_protection
-352-What kind of semantics information Triton can provide?:
-353-Code coverage using a dynamic symbolic execution:
-354-Triton (concolic execution framework) under the hood:
-355-- Stack and heap overflow detection at runtime via behavior analysis and Pin:
-356-Binary analysis: Concolic execution with Pin and z3:
-357-In-Memory fuzzing with Pin:
http://shell-storm.org/blog/In-Memory-fuzzing-with-Pin/
-358-Hackover 2015 r150 (outdated solving for Triton use cases):
-359-Skip sh – Web Application Security Scanner for XSS, SQL Injection, Shell injection:
https://gbhackers.com/skipfish-web-application-security-scanner
-360-Sublist3r – Tool for Penetration testers to Enumerate Sub-domains:
https://gbhackers.com/sublist3r-penetration-testers
-361-bypassing application whitelisting with bginfo:
-362-accessing-clipboard-from-the-lock-screen-in-windows-10:
-363-bypassing-device-guard-umci-using-chm-cve-2017-8625:
-364-defense-in-depth-writeup:
https://oddvar.moe/2017/09/13/defense-in-depth-writeup/
-365-applocker-case-study-how-insecure-is-it-really-part-1:
-366-empires-cross-platform-office-macro:
-367-recon tools:
https://blackarch.org/recon.html
-368-Black Hat 2018 tools list:
https://medium.com/p/991fa38901da
-369-Application Introspection & Hooking With Frida:
https://www.fuzzysecurity.com/tutorials/29.html
-370-And I did OSCP!:
https://medium.com/p/589babbfea19
-371-CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests:
-372-Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security Professionals:
https://gbhackers.com/threat-intelligence-tools
-373-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:
https://techincidents.com/penetration-testing-cheat-sheet/
-374-privilege escalation:
https://toshellandback.com/category/privilege-escalation/
-375-The Complete List of Windows Post-Exploitation Commands (No Powershell):
https://medium.com/p/999b5433b61e
-376-The Art of Subdomain Enumeration:
https://blog.sweepatic.com/tag/subdomain-enumeration/
-377-The Principles of a Subdomain Takeover:
https://blog.sweepatic.com/subdomain-takeover-principles/
-378-The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!:
https://medium.com/p/b250fb40af82
-379-The Solution for Web for Pentester-I:
https://medium.com/p/4c21b3ae9673
-380-The Ultimate Penetration Testing Command Cheat Sheet for Linux:
https://www.hackingloops.com/command-cheat-sheet-for-linux/
-381-: Ethical Hacking, Hack Tools, Hacking Tricks, Information Gathering, Penetration Testing, Recommended:
https://www.hackingloops.com/hacking-tricks/
-383-Introduction to Exploitation, Part 1: Introducing Concepts and Terminology:
https://www.hackingloops.com/exploitation-terminology/
-384-How Hackers Kick Victims Off of Wireless Networks:
-385-Maintaining Access Part 1: Introduction and Metasploit Example:
https://www.hackingloops.com/maintaining-access-metasploit/
-386-How to Steal Windows Credentials with Mimikatz and Metasploit:
https://www.hackingloops.com/mimikatz/
-387-Evading Anti-virus Part 2: Obfuscating Payloads with Msfvenom:
https://www.hackingloops.com/msfvenom/
-388-Evading Anti-virus Part 1: Infecting EXEs with Shellter:
https://www.hackingloops.com/evading-anti-virus-shellter/
-389-Mobile Hacking Part 4: Fetching Payloads via USB Rubber Ducky:
https://www.hackingloops.com/payloads-via-usb-rubber-ducky/
-390-Ethical Hacking Practice Test 6 – Footprinting Fundamentals Level1:
-391-Skip Cracking Responder Hashes and Relay Them:
-392-Cracking NTLMv1 Handshakes with Crack.sh:
-393-Top 3 Anti-Forensic OpSec Tips for Linux & A New Dead Man’s Switch:
https://medium.com/p/d5e92843e64a
-394-VNC Penetration Testing (Port 5901):
http://www.hackingarticles.in/vnc-penetration-testing
-395-Windows Privilege Escalation:
-396-Removing Sender’s IP Address From Email’s Received: From Header:
-397-Dump Cleartext Password in Linux PC using MimiPenguin:
-398-Embedded Backdoor with Image using FakeImageExploiter:
-399-Exploit Command Injection Vulnearbility with Commix and Netcat:
-400-Exploiting Form Based Sql Injection using Sqlmap:
-401-Beginner Guide to impacket Tool kit:
-402-Best of Post Exploitation Exploits & Tricks:
-403-Command Injection to Meterpreter using Commix:
-404-Comprehensive Guide to Crunch Tool:
-405-Compressive Guide to File Transfer (Post Exploitation):
-406-Crack Wifi Password using Aircrack-Ng (Beginner’s Guide):
-407-How to Detect Meterpreter in Your PC:
http://www.hackingarticles.in/detect-meterpreter-pc
-408-Easy way to Hack Database using Wizard switch in Sqlmap:
-409-Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn):
-410-Create SSL Certified Meterpreter Payload using MPM:
-411-Port forwarding: A practical hands-on guide:
-412-Exploit Dev 101: Jumping to Shellcode:
https://www.abatchy.com/2017/05/jumping-to-shellcode.html
-413-Introduction to Manual Backdooring:
-414-Kernel Exploitation:
https://www.abatchy.com/2018/01/kernel-exploitation-1
-415-Exploit Dev 101: Bypassing ASLR on Windows:
-416-Shellcode reduction tips (x86):
https://www.abatchy.com/2017/04/shellcode-reduction-tips-x86
-417-OSCE Study Plan:
https://www.abatchy.com/2017/03/osce-study-plan
-418-[DefCamp CTF Qualification 2017] Don't net, kids! (Revexp 400):
https://www.abatchy.com/2017/10/defcamp-dotnot
-419-DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE:
https://www.ambionics.io/
-420-SQL VULNERABLE WEBSITES LIST 2017 [APPROX 2500 FRESH SQL VULNERABLE SITES]:
https://www.cityofhackerz.com/sql-vulnerable-websites-list-2017
-421-Windows IR Live Forensics Cheat Sheet:
https://www.cheatography.com/tag/forensics/
-422-windows-kernel-logic-bug-class-access:
-423-injecting-code-into-windows-protected:
-424-USING THE DDE ATTACK WITH POWERSHELL EMPIRE:
-425-Automated Derivative Administrator Search:
https://wald0.com/?p=14
-426-A Red Teamer’s Guide to GPOs and OUs:
https://wald0.com/?p=179
-427-Pen Testing and Active Directory, Part VI: The Final Case:
-428-Offensive Tools and Techniques:
https://www.sec.uno/2017/03/01/offensive-tools-and-techniques/
-429-Three penetration testing tips to out-hack hackers:
-430-Introducing BloodHound:
https://wald0.com/?p=68
-431-Red + Blue = Purple:
http://www.blackhillsinfosec.com/?p=5368
-432-Active Directory Access Control List – Attacks and Defense – Enterprise Mobility and Security Blog:
-433-PrivEsc: Unquoted Service Path:
https://www.gracefulsecurity.com/privesc-unquoted-service-path/
-434-PrivEsc: Insecure Service Permissions:
-435-PrivEsc: DLL Hijacking:
https://www.gracefulsecurity.com/privesc-dll-hijacking/
-436-Android Reverse Engineering 101 – Part 1:
http://www.fasteque.com/android-reverse-engineering-101-part-1/
-437-Luckystrike: An Evil Office Document Generator:
-438-the-number-one-pentesting-tool-youre-not-using:
-439-uac-bypass:
http://www.securitynewspaper.com/tag/uac-bypass/
-440-XSSer – Automated Framework Tool to Detect and Exploit XSS vulnerabilities:
-441-Penetration Testing on X11 Server:
http://www.hackingarticles.in/penetration-testing-on-x11-server
-442-Always Install Elevated:
https://pentestlab.blog/2017/02/28/always-install-elevated
-443-Scanning for Active Directory Privileges & Privileged Accounts:
https://adsecurity.org/?p=3658
-444-Windows Server 2016 Active Directory Features:
https://adsecurity.org/?p=3646
-445-powershell:
https://adsecurity.org/?tag=powershell
-446-PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection:
https://adsecurity.org/?p=2921
-447-DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack:
https://adsecurity.org/?p=3214
-448-Real-World Example of How Active Directory Can Be Compromised (RSA Conference Presentation):
https://adsecurity.org/?p=2085
-449-Advanced ATM Penetration Testing Methods:
https://gbhackers.com/advanced-atm-penetration-testing-methods
-450-Background: Microsoft Ofice Exploitation:
-451-Automated XSS Finder:
https://medium.com/p/4236ed1c6457
-452-Application whitelist bypass using XLL and embedded shellcode:
-453-AppLocker Bypass – Regsvr32:
https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32
-454-Nmap Scans using Hex Value of Flags:
http://www.hackingarticles.in/nmap-scans-using-hex-value-flags
-455-Nmap Scan with Timing Parameters:
http://www.hackingarticles.in/nmap-scan-with-timing-parameters
-456-OpenSSH User Enumeration Time- Based Attack with Osueta:
-457-Penetration Testing:
http://www.hackingarticles.in/web-penetration-testing/
-458-Penetration Testing on Remote Desktop (Port 3389):
-459-Penetration Testing on Telnet (Port 23):
-460-Penetration Testing in Windows/Active Directory with Crackmapexec:
-461-Penetration Testing in WordPress Website using WordPress Exploit Framework:
-462-Port Scanning using Metasploit with IPTables:
-463-Post Exploitation Using WMIC (System Command):
-464-Privilege Escalation in Linux using etc/passwd file:
-465-RDP Pivoting with Metasploit:
http://www.hackingarticles.in/rdp-pivoting-metasploit
-466-A New Way to Hack Remote PC using Xerosploit and Metasploit:
-467-Shell to Meterpreter using Session Command:
-468-SMTP Pentest Lab Setup in Ubuntu (Port 25):
http://www.hackingarticles.in/smtp-pentest-lab-setup-ubuntu
-469-SNMP Lab Setup and Penetration Testing:
-470-SQL Injection Exploitation in Multiple Targets using Sqlmap:
-471-Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin):
-472-SSH Penetration Testing (Port 22):
http://www.hackingarticles.in/ssh-penetration-testing-port-22
-473-Manual Post Exploitation on Windows PC (System Command):
-474-SSH Pivoting using Meterpreter:
http://www.hackingarticles.in/ssh-pivoting-using-meterpreter
-475-Stealing Windows Credentials of Remote PC with MS Office Document:
-476-Telnet Pivoting through Meterpreter:
http://www.hackingarticles.in/telnet-pivoting-meterpreter
-477-Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin):
-478-Hack Remote PC using Fake Updates Scam with Ettercap and Metasploit:
-479-Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit:
-480-Hack Remote Windows 10 PC using TheFatRat:
-481-2 Ways to Hack Windows 10 Password Easy Way:
http://www.hackingarticles.in/hack-windows-10-password-easy-way
-482-How to Change ALL Files Extension in Remote PC (Confuse File Extensions Attack):
-483-How to Delete ALL Files in Remote Windows PC:
-484-How to Encrypt Drive of Remote Victim PC:
-485-Post Exploitation in Linux With Metasploit:
-486-Red Team:
https://posts.specterops.io/tagged/red-team?source=post
-487-Code Signing Certi cate Cloning Attacks and Defenses:
https://posts.specterops.io/tagged/code-signing?source=post
-488-Phishing:
https://posts.specterops.io/tagged/phishing?source=post
-489-PowerPick – A ClickOnce Adjunct:
http://www.sixdub.net/?p=555
-490-sql-injection-xss-playground:
-491-Privilege Escalation & Post-Exploitation:
-492-https-payload-and-c2-redirectors:
-493-a-push-toward-transparency:
-494-bloodhound:
https://posts.specterops.io/tagged/bloodhound?source=post
-495-active directory:
https://posts.specterops.io/tagged/active-directory?source=post
-496-Load & Execute Bundles with migrationTool:
-497-Outlook Forms and Shells:
https://sensepost.com/blog/2017/outlook-forms-and-shells/
-498-Tools:
https://sensepost.com/blog/tools/
-499-2018 pentesting resources:
https://sensepost.com/blog/2018/
-500-network pentest:
-501-[technical] Pen-testing resources:
https://medium.com/p/cd01de9036ad
-502-Stored XSS on Facebook:
https://opnsec.com/2018/03/stored-xss-on-facebook/
-503-vulnerabilities:
https://www.brokenbrowser.com/category/vulnerabilities/
-504-Extending BloodHound: Track and Visualize Your Compromise:
-505-so-you-want-to-be-a-web-security-researcher:
-506-BugBounty — AWS S3 added to my “Bucket” list!:
https://medium.com/p/f68dd7d0d1ce
-507-BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company:
https://medium.com/p/c75967392c7e
-508-BugBounty — Exploiting CRLF Injection can lands into a nice bounty:
https://medium.com/p/159525a9cb62
-509-BugBounty — How I was able to bypass rewall to get RCE and then went from server shell to get root user account:
https://medium.com/p/783f71131b94
-510-BugBounty — “I don’t need your current password to login into youraccount” - How could I completely takeover any user’s account in an online classi ed ads company:
https://medium.com/p/e51a945b083d
-511-Ping Power — ICMP Tunnel:
-512-hacking:
https://www.nextleveltricks.com/hacking/
-513-Top 8 Best YouTube Channels To Learn Ethical Hacking Online !:
-514-Google Dorks List 2018 | Fresh Google Dorks 2018 for SQLi:
https://www.nextleveltricks.com/latest-google-dorks-list/
-515-Art of Shellcoding: Basic AES Shellcode Crypter:
http://www.nipunjaswal.com/2018/02/shellcode-crypter.html
-516-Big List Of Google Dorks Hacking:
-517-nmap-cheatsheet:
https://bitrot.sh/cheatsheet/09-12-2017-nmap-cheatsheet/
-518-Aws Recon:
https://enciphers.com/tag/aws-recon/
-519-Recon:
https://enciphers.com/tag/recon/
-520-Subdomain Enumeration:
https://enciphers.com/tag/subdomain-enumeration/
-521-Shodan:
https://enciphers.com/tag/shodan/
-522-Dump LAPS passwords with ldapsearch:
-523-peepdf - PDF Analysis Tool:
http://eternal-todo.com/tools/peepdf-pdf-analysis-tool
-524-Evilginx 2 - Next Generation of Phishing 2FA Tokens:
breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
-526-Evil XML with two encodings:
https://mohemiv.com/all/evil-xml/
-527-create-word-macros-with-powershell:
-528-Excess XSS A comprehensive tutorial on cross-site scripting:
https://excess-xss.com/
-529-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:
-530-Abusing DCOM For Yet Another Lateral Movement Technique:
-531-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:
-532-Abusing DCOM For Yet Another Lateral Movement Technique:
-533-“Practical recon techniques for bug hunters & pen testers”:
-534-Exploiting Node.js deserialization bug for Remote Code Execution:
-535-Exploiting System Shield AntiVirus Arbitrary Write Vulnerability using SeTakeOwnershipPrivilege:
http://www.greyhathacker.net/?p=1006
-536-Running Macros via ActiveX Controls:
http://www.greyhathacker.net/?p=948
-537-all=BUG+MALWARE+EXPLOITS
http://www.greyhathacker.net/?cat=18
-538-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND:
-539-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:
-540-A Look at CVE-2017-8715: Bypassing CVE-2017-0218 using PowerShell Module Manifests:
-541-“FILELESS” UAC BYPASS USING SDCLT.EXE:
-542-File Upload XSS:
https://medium.com/p/83ea55bb9a55
-543-Firebase Databases:
https://medium.com/p/f651a7d49045
-544-Safe Red Team Infrastructure:
-545-RED-TEAM:
https://cybersyndicates.com/tags/red-team/
-546-Egressing Bluecoat with Cobaltstike & Let's Encrypt:
https://www.youtube.com/watch?v=cgwfjCmKQwM
-547-Veil-Evasion:
https://cybersyndicates.com/tags/veil-evasion/
-548-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:
http://thelearninghacking.com/create-virus-hack-windows/
-549-Download Google Dorks List 2019:
https://medium.com/p/323c8067502c
-550-Don’t leak sensitive data via security scanning tools:
https://medium.com/p/7d1f715f0486
-551-CRLF Injection Into PHP’s cURL Options:
-552-Open Redirects & Security Done Right!:
-553-DOM XSS – auth.uber.com:
-554-PowerPoint and Custom Actions:
https://cofense.com/powerpoint-and-custom-actions/
-555-exploiting-adobe-coldfusion:
-556-Command and Control – HTTPS:
https://pentestlab.blog/2017/10/04/command-and-control-https
-557-Command and Control – Images:
https://pentestlab.blog/2018/01/02/command-and-control-images
-558-Command and Control – JavaScript:
-559-XSS-Payloads:
https://github.com/Pgaijin66/XSS-Payloads
-560-Command and Control – Web Interface:
-561-Command and Control – Website:
https://pentestlab.blog/2017/11/14/command-and-control-website
-562-Command and Control – WebSocket:
-563-atomic-red-team:
https://github.com/redcanaryco/atomic-red-team
-564-PowerView-3.0-tricks.ps1:
-565-awesome-sec-talks:
https://github.com/PaulSec/awesome-sec-talks
-566-Awesome-Red-Teaming:
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-567-awesome-php:
https://github.com/ziadoz/awesome-php
-568-latest-hacks:
https://hackercool.com/latest-hacks/
-569-GraphQL NoSQL Injection Through JSON Types:
-570-Writing .NET Executables for Pentesters:
-571-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
https://github.com/secfigo/Awesome-Fuzzing
-572-How to Shutdown, Restart, Logoff, and Hibernate Remote Windows PC:
-572-Injecting Metasploit Payloads into Android Applications – Manually:
-573-Google Dorks For Carding [Huge List] - Part 1:
-574-Google dorks for growth hackers:
https://medium.com/p/7f83c8107057
-575-Google Dorks For Carding (HUGE LIST):
-576-BIGGEST SQL Injection Dorks List ~ 20K+ Dorks:
-577-Pastebin Accounts Hacking (Facebook/Paypal/LR/Gmail/Yahoo, etc):
-578-How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!:
-579-Hijacking VNC (Enum, Brute, Access and Crack):
https://medium.com/p/d3d18a4601cc
-580-Linux Post Exploitation Command List:
https://github.com/mubix/post-exploitation/wiki
-581-List of google dorks for sql injection:
-582-Microsoft Office – NTLM Hashes via Frameset:
-583-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:
https://www.exploit-db.com/download/44888.txt
-584-Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability:
https://www.securityfocus.com/bid/104407
-585-Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability:
https://www.securityfocus.com/bid/104382
-586-miSafes Mi-Cam Device Hijacking:
https://packetstormsecurity.com/files/146504/SA-20180221-0.txt
-587-Low-Level Windows API Access From PowerShell:
https://www.fuzzysecurity.com/tutorials/24.html
-588-Linux Kernel 'mm/hugetlb.c' Local Denial of Service Vulnerability:
https://www.securityfocus.com/bid/103316
-589-Lateral Movement – RDP:
https://pentestlab.blog/2018/04/24/lateral-movement-rdp/
-590-Snagging creds from locked machines:
-591-Making a Blind SQL Injection a Little Less Blind:
https://medium.com/p/428dcb614ba8
-592-VulnHub — Kioptrix: Level 5:
-593-Unauthenticated Account Takeover Through HTTP Leak:
https://medium.com/p/33386bb0ba0b
-594-Hakluke’s Ultimate OSCP Guide: Part 1 — Is OSCP for you?:
-595-Finding Target-relevant Domain Fronts:
-596-Safe Red Team Infrastructure:
-597-Cobalt Strike Visualizations:
-598-OWASP Top 10 2017 — Web Application Security Risks:
https://medium.com/p/31f356491712
-599-XSS-Auditor — the protector of unprotected:
-600-Netcat vs Cryptcat – Remote Shell to Control Kali Linux from Windows machine:
https://gbhackers.com/netcat-vs-cryptcat
-601-Jenkins Servers Infected With Miner.:
https://medium.com/p/e370a900ab2e
-602-cheat-sheet:
http://pentestmonkey.net/category/cheat-sheet
-603-Command and Control – Website Keyword:
-604-Command and Control – Twitter:
https://pentestlab.blog/2017/09/26/command-and-control-twitter/
-605-Command and Control – Windows COM:
-606-Microsoft Office – NTLM Hashes via Frameset:
-607-PHISHING AGAINST PROTECTED VIEW:
-608-PHISHING WITH EMPIRE:
https://enigma0x3.net/2016/03/15/phishing-with-empire/
-609-Reverse Engineering Android Applications:
-610-HTML Injection:
https://pentestlab.blog/2013/06/26/html-injection/
-611-Meterpreter stage AV/IDS evasion with powershell:
-612-Windows Atomic Tests by ATT&CK Tactic & Technique:
-613-Windows Active Directory Post Exploitation Cheatsheet:
https://medium.com/p/48c2bd70388
-614-Windows 10 UAC Loophole Can Be Used to Infect Systems with Malware:
-615-How to Bypass Anti-Virus to Run Mimikatz:
-616-Userland API Monitoring and Code Injection Detection:
-617-USE TOR. USE EMPIRE.:
-617-ADVANCED CROSS SITE SCRIPTING (XSS) CHEAT SHEET:
-618-Empire without PowerShell.exe:
https://bneg.io/2017/07/26/empire-without-powershell-exe/
-619-RED TEAM:
https://bneg.io/category/red-team/
-620-PDF Tools:
https://blog.didierstevens.com/programs/pdf-tools/
-621-DNS Data ex ltration — What is this and How to use?
-621-Google Dorks:
https://medium.com/p/7cfd432e0cf3
-622-Hacking with JSP Shells:
https://blog.netspi.com/hacking-with-jsp-shells/
-623-Malware Analysis:
https://github.com/RPISEC/Malware/raw/master/README.md
-624-A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.:
https://github.com/SandySekharan/CTF-tool
-625-Group Policy Preferences:
https://pentestlab.blog/2017/03/20/group-policy-preferences
-627-CHECKING FOR MALICIOUSNESS IN AC OFORM OBJECTS ON PDF FILES:
-628-deobfuscation:
https://furoner.wordpress.com/tag/deobfuscation/
-629-POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE MACRO AND EVADING AVS:
-630-A COMPREHENSIVE TUTORIAL ON CROSS-SITE SCRIPTING:
-631-GCAT – BACKDOOR EM PYTHON:
-632-Latest Carding Dorks List for Sql njection 2019:
https://latestechnews.com/carding-dorks/
-633-google docs for credit card:
https://latestechnews.com/tag/google-docs-for-credit-card/
-634-How To Scan Multiple Organizations With Shodan and Golang (OSINT):
https://medium.com/p/d994ba6a9587
-635-How to Evade Application Whitelisting Using REGSVR32:
-636-phishing:
https://www.blackhillsinfosec.com/tag/phishing/
-637-Merlin in action: Intro to Merlin:
https://asciinema.org/a/ryljo8qNjHz1JFcFDK7wP6e9I
-638-IP Cams from around the world:
https://medium.com/p/a6f269f56805
-639-Advanced Cross Site Scripting(XSS) Cheat Sheet by Jaydeep Dabhi:
-640-Just how easy it is to do a domain or subdomain take over!?:
https://medium.com/p/265d635b43d8
-641-How to Create hidden user in Remote PC:
http://www.hackingarticles.in/create-hidden-remote-metaspolit
-642-Process Doppelgänging – a new way to impersonate a process:
-643-How to turn a DLL into astandalone EXE:
-644-Hijacking extensions handlers as a malware persistence method:
-645-I'll Get Your Credentials ... Later!:
https://www.fuzzysecurity.com/tutorials/18.html
-646-Game Over: CanYouPwnMe > Kevgir-1:
https://www.fuzzysecurity.com/tutorials/26.html
-647-IKARUS anti.virus and its 9 exploitable kernel vulnerabilities:
http://www.greyhathacker.net/?p=995
-648-Getting started in Bug Bounty:
https://medium.com/p/7052da28445a
-649-Union SQLi Challenges (Zixem Write-up):
-650-scanless – A Tool for Perform Anonymous Port Scan on Target Websites:
https://gbhackers.com/scanless-port-scans-websites-behalf
-651-WEBAPP PENTEST:
-652-Cross-Site Scripting (XSS) Payloads:
-653-sg1: swiss army knife for data encryption, exfiltration & covert communication:
https://securityonline.info/tag/sg1/
-654-NETWORK PENTEST:
-655-SQL injection in an UPDATE query - a bug bounty story!:
-656-Cross-site Scripting:
-657-Local File Inclusion:
-658-Command Injection:
-659-a categorized list of Windows CMD commands:
https://ss64.com/nt/commands.html
-660-Understanding Guide for Nmap Timing Scan (Firewall Bypass):
-661-RFID Hacking with The Proxmark 3:
https://blog.kchung.co/tag/rfid/
-662-A practical guide to RFID badge copying:
-663-Denial of Service using Cookie Bombing:
https://medium.com/p/55c2d0ef808c
-664-Vultr Domain Hijacking:
-665-Command and Control:
https://vincentyiu.co.uk/red-team/domain-fronting
-666-Cisco Auditing Tool & Cisco Global Exploiter to Exploit 14 Vulnerabilities in Cisco Switches and Routers:
https://gbhackers.com/cisco-global-exploiter-cge
-667-CHECKING FOR MALICIOUSNESS IN ACROFORM OBJECTS ON PDF FILES:
-668-Situational Awareness:
https://pentestlab.blog/2018/05/28/situational-awareness/
-669-Unquoted Service Path:
https://pentestlab.blog/2017/03/09/unquoted-service-path
-670-NFS:
https://pentestacademy.wordpress.com/2017/09/20/nfs/
-671-List of Tools for Pentest Rookies:
-672-Common Windows Commands for Pentesters:
-673-Open-Source Intelligence (OSINT) Reconnaissance:
https://medium.com/p/75edd7f7dada
-674-OSINT x UCCU Workshop on Open Source Intelligence:
-675-Advanced Attack Techniques:
-676-Credential Theft:
-678-The Cloud Shadow Admin Threat: 10 Permissions to Protect:
-679-Online Credit Card Theft: Today’s Browsers Store Sensitive Information Deficiently, Putting User Data at Risk:
-680-Weakness Within: Kerberos Delegation:
-681-Simple Domain Fronting PoC with GAE C2 server:
-682-Find Critical Information about a Host using DMitry:
-683-How To Do OS Fingerprinting In Kali Using Xprobe2:
-684-Crack SSH, FTP, Telnet Logins Using Hydra:
-685-Reveal Saved Passwords in Browser using JavaScript Injection:
-686-Nmap Cheat Sheet:
-687-Manual Post Exploitation on Windows PC (Network Command):
-688-Hack Gmail or Facebook Password of Remote PC using NetRipper Exploitation Tool:
-689-Hack Locked Workstation Password in Clear Text:
-690-How to Find ALL Excel, Office, PDF, and Images in Remote PC:
-691-red-teaming:
https://www.redteamsecure.com/category/red-teaming/
-692-Create a Fake AP and Sniff Data mitmAP:
http://www.uaeinfosec.com/create-fake-ap-sniff-data-mitmap/
-693-Bruteforcing From Nmap Output BruteSpray:
http://www.uaeinfosec.com/bruteforcing-nmap-output-brutespray/
-694-Reverse Engineering Framework radare2:
-695-Automated ettercap TCP/IP Hijacking Tool Morpheus:
-696-List Of Vulnerable SQL Injection Sites:
-697-Command and Control – Gmail:
https://pentestlab.blog/2017/08/03/command-and-control-gmail/
-698-Command and Control – DropBox:
https://pentestlab.blog/2017/08/29/command-and-control-dropbox/
-699-Skeleton Key:
https://pentestlab.blog/2018/04/10/skeleton-key/
-700-Secondary Logon Handle:
https://pentestlab.blog/2017/04/07/secondary-logon-handle
-701-Hot Potato:
https://pentestlab.blog/2017/04/13/hot-potato
-702-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):
-703-Linux-Kernel-exploits:
http://tacxingxing.com/category/exploit/kernel-exploit/
-704-Linux-Kernel-Exploit Stack Smashing:
-705-Linux Kernel Exploit Environment:
-706-Linux-Kernel-Exploit NULL dereference:
-707-Apache mod_python for red teams:
-708-Bounty Write-up (HTB):
https://medium.com/p/9b01c934dfd2/
709-CTF Writeups:
https://medium.com/ctf-writeups
-710-Detecting Malicious Microsoft Office Macro Documents:
http://www.greyhathacker.net/?p=872
-711-SQL injection in Drupal:
https://hackerone.com/reports/31756
-712-XSS and open redirect on Twitter:
https://hackerone.com/reports/260744
-713-Shopify login open redirect:
https://hackerone.com/reports/55546
-714-HackerOne interstitial redirect:
https://hackerone.com/reports/111968
-715-Ubiquiti sub-domain takeovers:
https://hackerone.com/reports/181665
-716-Scan.me pointing to Zendesk:
https://hackerone.com/reports/114134
-717-Starbucks' sub-domain takeover:
https://hackerone.com/reports/325336
-718-Vine's sub-domain takeover:
https://hackerone.com/reports/32825
-719-Uber's sub-domain takeover:
https://hackerone.com/reports/175070
-720-Read access to Google:
-721-A Facebook XXE with Word:
-722-The Wikiloc XXE:
https://www.davidsopas.com/wikiloc-xxe-vulnerability/
-723-Uber Jinja2 TTSI:
https://hackerone.com/reports/125980
-724-Uber Angular template injection:
https://hackerone.com/reports/125027
-725-Yahoo Mail stored XSS:
https://klikki.fi/adv/yahoo2.html
-726-Google image search XSS:
-727-Shopify Giftcard Cart XSS :
https://hackerone.com/reports/95089
-728-Shopify wholesale XSS :
https://hackerone.com/reports/106293
-729-Bypassing the Shopify admin authentication:
https://hackerone.com/reports/270981
-730-Starbucks race conditions:
https://sakurity.com/blog/2015/05/21/starbucks.html
-731-Binary.com vulnerability – stealing a user's money:
https://hackerone.com/reports/98247
-732-HackerOne signal manipulation:
https://hackerone.com/reports/106305
-733-Shopify S buckets open:
https://hackerone.com/reports/98819
-734-HackerOne S buckets open:
https://hackerone.com/reports/209223
-735-Bypassing the GitLab 2F authentication:
https://gitlab.com/gitlab-org/gitlab-ce/issues/14900
-736-Yahoo PHP info disclosure:
-737-Shopify for exporting installed users:
https://hackerone.com/reports/96470
-738-Shopify Twitter disconnect:
https://hackerone.com/reports/111216
-739-Badoo full account takeover:
https://hackerone.com/reports/127703
-740-Disabling PS Logging:
-741-macro-less-code-exec-in-msword:
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
-742-5 ways to Exploiting PUT Vulnerability:
-743-5 Ways to Exploit Verb Tempering Vulnerability:
-744-5 Ways to Hack MySQL Login Password:
-745-5 Ways to Hack SMB Login Password:
http://www.hackingarticles.in/5-ways-to-hack-smb-login-password
-746-6 Ways to Hack FTP Login Password:
http://www.hackingarticles.in/6-ways-to-hack-ftp-login-password
-746-6 Ways to Hack SNMP Password:
http://www.hackingarticles.in/6-ways-to-hack-snmp-password
-747-6 Ways to Hack VNC Login Password:
http://www.hackingarticles.in/6-ways-to-hack-vnc-login-password
-748-Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter:
-749-Beginner Guide to IPtables:
http://www.hackingarticles.in/beginner-guide-iptables
-750-Beginner Guide to impacket Tool kit:
-751-Exploit Remote Windows 10 PC using Discover Tool:
-752-Forensics Investigation of Remote PC (Part 2):
-753-5 ways to File upload vulnerability Exploitation:
-754-FTP Penetration Testing in Ubuntu (Port 21):
-755-FTP Penetration Testing on Windows (Port 21):
http://www.hackingarticles.in/ftp-penetration-testing-windows
-756-FTP Pivoting through RDP:
http://www.hackingarticles.in/ftp-pivoting-rdp
-757-Fun with Metasploit Payloads:
http://www.hackingarticles.in/fun-metasploit-payloads
-758-Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or MAC PC:
-759-Generating Reverse Shell using Msfvenom (One Liner Payload):
-760-Generating Scan Reports Using Nmap (Output Scan):
-761-Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled):
-762-Hack ALL Security Features in Remote Windows 7 PC:
-763-5 ways to Exploit LFi Vulnerability:
http://www.hackingarticles.in/5-ways-exploit-lfi-vulnerability
-764-5 Ways to Directory Bruteforcing on Web Server:
-765-Hack Call Logs, SMS, Camera of Remote Android Phone using Metasploit:
-766-Hack Gmail and Facebook Password in Network using Bettercap:
-767-ICMP Penetration Testing:
http://www.hackingarticles.in/icmp-penetration-testing
-768-Understanding Guide to Mimikatz:
http://www.hackingarticles.in/understanding-guide-mimikatz
-769-5 Ways to Create Dictionary for Bruteforcing:
-770-Linux Privilege Escalation using LD_Preload:
-771-2 Ways to Hack Remote Desktop Password using kali Linux:
-772-2 ways to use Msfvenom Payload with Netcat:
-773-4 ways to Connect Remote PC using SMB Port:
-774-4 Ways to DNS Enumeration:
http://www.hackingarticles.in/4-ways-dns-enumeration
-775-4 Ways to get Linux Privilege Escalation:
-776-101+ OSINT Resources for Investigators [2019]:
-777-Week in OSINT #2019–02:
-778-OSINT Cheat Sheet:
https://hack2interesting.com/osint-cheat-sheet/
-779-OSINT Cheat Sheet:
https://infoskirmish.com/osint-cheat-sheet/
-780-OSINT Links for Investigators:
https://i-sight.com/resources/osint-links-for-investigators/
-781- Metasploit Cheat Sheet :
https://www.kitploit.com/2019/02/metasploit-cheat-sheet.html
-782- Exploit Development Cheat Sheet:
-783-Building Profiles for a Social Engineering Attack:
-784-Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes):
-785-Getting the goods with CrackMapExec: Part 2:
https://byt3bl33d3r.github.io/tag/crackmapexec.html
-786-Bug Hunting Methodology (part-1):
https://medium.com/p/91295b2d2066
-787-Exploring Cobalt Strike's ExternalC2 framework:
-788-Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities:
-789-Adversarial Tactics, Techniques & Common Knowledge:
https://attack.mitre.org/wiki/Main_Page
-790-Bug Bounty — Tips / Tricks / JS (JavaScript Files):
https://medium.com/p/bdde412ea49d
-791-Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition):
https://medium.com/p/f88a9f383fcc
-792-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:
-793-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:
-794-ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution:
-795-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):
-796-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:
-797-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:
-798-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:
-799-Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement:
-800-Capcom Rootkit Proof-Of-Concept:
https://www.fuzzysecurity.com/tutorials/28.html
-801-Linux Privilege Escalation using Misconfigured NFS:
-802-Beginners Guide for John the Ripper (Part 1):
-803-Working of Traceroute using Wireshark:
-804-Multiple Ways to Get root through Writable File:
-805-4 ways to SMTP Enumeration:
http://www.hackingarticles.in/4-ways-smtp-enumeration
-806-4 ways to Hack MS SQL Login Password:
-807-4 Ways to Hack Telnet Passsword:
http://www.hackingarticles.in/4-ways-to-hack-telnet-passsword
-808-5 ways to Brute Force Attack on WordPress Website:
-809-5 Ways to Crawl a Website:
http://www.hackingarticles.in/5-ways-crawl-website
-810-Local Linux Enumeration & Privilege Escalation Cheatsheet:
https://www.rebootuser.com/?p=1623
-811-The Drebin Dataset:
https://www.sec.cs.tu-bs.de/~danarp/drebin/download.html
-812-ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else:
https://www.slideshare.net/x00mario/es6-en
-813-IT and Information Security Cheat Sheets:
https://zeltser.com/cheat-sheets/
-814-Cheat Sheets - DFIR Training:
https://www.dfir.training/cheat-sheets
-815-WinDbg Malware Analysis Cheat Sheet:
-819-Cheat Sheet for Analyzing Malicious Software:
-820-Analyzing Malicious Documents Cheat Sheet - Prodefence:
-821-Cheat Sheets - SANS Digital Forensics:
https://digital-forensics.sans.org/community/cheat-sheets
-822-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:
-823-Windows Registry Auditing Cheat Sheet:
-824-Cheat Sheet of Useful Commands Every Kali Linux User Needs To Know:
https://kennyvn.com/cheatsheet-useful-bash-commands-linux/
-825-kali-linux-cheatsheet:
https://github.com/NoorQureshi/kali-linux-cheatsheet
-826-8 Best Kali Linux Terminal Commands used by Hackers (2019 Edition):
-827-Kali Linux Commands Cheat Sheet:
https://www.pinterest.com/pin/393431717429496576/
-827-Kali Linux Commands Cheat Sheet A To Z:
https://officialhacker.com/linux-commands-cheat-sheet/
-828-Linux commands CHEATSHEET for HACKERS:
-829-100 Linux Commands – A Brief Outline With Cheatsheet:
https://fosslovers.com/100-linux-commands-cheatsheet/
-830-Kali Linux – Penetration Testing Cheat Sheet:
-831-Basic Linux Terminal Shortcuts Cheat Sheet :
-832-List Of 220+ Kali Linux and Linux Commands Line {Free PDF} :
https://itechhacks.com/kali-linux-and-linux-commands/
-833-Transferring files from Kali to Windows (post exploitation):
-834-The Ultimate Penetration Testing Command Cheat Sheet for Kali Linux:
-835-What is penetration testing? 10 hacking tools the pros use:
-836-Best Hacking Tools List for Hackers & Security Professionals in 2019:
https://gbhackers.com/hacking-tools-list/
-837-ExploitedBunker PenTest Cheatsheet:
https://exploitedbunker.com/articles/pentest-cheatsheet/
-838-How to use Zarp for penetration testing:
-839-Wireless Penetration Testing Cheat Sheet;
-840-Pentest Cheat Sheets:
https://www.cheatography.com/tag/pentest/
-841-40 Best Penetration Testing (Pen Testing) Tools in 2019:
https://www.guru99.com/top-5-penetration-testing-tools.html
-842-Metasploit Cheat Sheet:
https://www.hacking.land/2019/02/metasploit-cheat-sheet.html
-843-OSCP useful resources and tools;
https://acknak.fr/en/articles/oscp-tools/
-844-Pentest + Exploit dev Cheatsheet:
https://ehackings.com/all-posts/pentest-exploit-dev-cheatsheet/
-845-What is Penetration Testing? A Quick Guide for 2019:
https://www.cloudwards.net/penetration-testing/
-846-Recon resource:
-847-Network Recon Cheat Sheet:
-848-Recon Cheat Sheets:
https://www.cheatography.com/tag/recon/
-849-Penetration Testing Active Directory, Part II:
-850-Reverse-engineering Cheat Sheets:
https://www.cheatography.com/tag/reverse-engineering/
-851-Reverse Engineering Cheat Sheet:
-852-ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS:
-853-PROPagate:
-854-Process Doppelgänging, by Tal Liberman and Eugene Kogan::
-855-Gargoyle:
-856-GHOSTHOOK:
-857-Learn C:
https://www.programiz.com/c-programming
-858-x86 Assembly Programming Tutorial:
https://www.tutorialspoint.com/assembly_programming/
-859-Dr. Paul Carter's PC Assembly Language:
http://pacman128.github.io/pcasm/
-860-Introductory Intel x86 - Architecture, Assembly, Applications, and Alliteration:
http://opensecuritytraining.info/IntroX86.html
-861-x86 Disassembly:
https://en.wikibooks.org/wiki/X86_Disassembly
-862-use-of-dns-tunneling-for-cc-communications-malware:
-863-Using IDAPython to Make Your Life Easier (Series)::
-864-NET binary analysis:
-865-detailed analysis of the BlackEnergy3 big dropper:
-866-detailed analysis of Uroburos rootkit:
-867-TCP/IP and tcpdump Pocket Reference Guide:
https://www.sans.org/security-resources/tcpip.pdf
-868-TCPDUMP Cheatsheet:
http://packetlife.net/media/library/12/tcpdump.pdf
-869-Scapy Cheatsheet:
http://packetlife.net/media/library/36/scapy.pdf
-870-WIRESHARK DISPLAY FILTERS:
-871-Windows command line sheet:
-872-Metasploit cheat sheet:
-873-IPv6 Cheatsheet:
http://packetlife.net/media/library/8/IPv6.pdf
-874-IPv4 Subnetting:
http://packetlife.net/media/library/15/IPv4_Subnetting.pdf
-875-IOS IPV4 ACCESS LISTS:
-876-Common Ports List:
http://packetlife.net/media/library/23/common_ports.pdf
-877-WLAN:
http://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf
-878-VLANs Cheatsheet:
http://packetlife.net/media/library/20/VLANs.pdf
-879-VoIP Basics CheatSheet:
http://packetlife.net/media/library/34/VOIP_Basics.pdf
-880-Google hacking and defense cheat sheet:
https://www.sans.org/security-resources/GoogleCheatSheet.pdf
-881-Nmap CheatSheet:
-882-Netcat cheat sheet:
-883-PowerShell cheat sheet:
-884-Scapy cheat sheet POCKET REFERENCE:
-885-SQL injection cheat sheet.:
-886-Injection cheat sheet:
-887-Symmetric Encryption Algorithms cheat sheet:
-888-Intrusion Discovery Cheat Sheet v2.0 for Linux:
https://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf
-889-Intrusion Discovery Cheat Sheet v2.0 for Window:
https://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf
-890-Memory Forensics Cheat Sheet v1.2:
-891-CRITICAL LOG REVIEW CHECKLIST FOR SECURITY INCIDENTS G E N E R AL APPROACH:
https://www.sans.org/brochure/course/log-management-in-depth/6
-892-Evidence collection cheat sheet:
-893-Hex file and regex cheat sheet v1.0:
-894-Rekall Memory Forensic Framework Cheat Sheet v1.2.:
-895-SIFT WORKSTATION Cheat Sheet v3.0.:
https://digital-forensics.sans.org/media/sift_cheat_sheet.pdf
-896-Volatility Memory Forensic Framework Cheat Sheet:
-897-Hands - on Network Forensics.:
-898-VoIP Security Vulnerabilities.:
-899-Incident Response: How to Fight Back:
-900-BI-7_VoIP_Analysis_Fundamentals:
-901-Bug Hunting Guide:
cybertheta.blogspot.com/2018/08/bug-hunting-guide.html
-902-Guide 001 |Getting Started in Bug Bounty Hunting:
-903-SQL injection cheat sheet :
https://portswigger.net › Web Security Academy › SQL injection › Cheat sheet
-904-RSnake's XSS Cheat Sheet:
https://www.in-secure.org/2018/08/22/rsnakes-xss-cheat-sheet/
-905-Bug Bounty Tips (2):
https://ctrsec.io/index.php/2019/03/20/bug-bounty-tips-2/
-906-A Review of my Bug Hunting Journey:
https://kongwenbin.com/a-review-of-my-bug-hunting-journey/
-907-Meet the First Hacker Millionaire on HackerOne:
-908-XSS Cheat Sheet:
-909-Bug Bounty Hunter Methodology:
-910-#10 Rules of Bug Bounty:
https://hackernoon.com/10-rules-of-bug-bounty-65082473ab8c
-911-Bugbounty Checklist:
https://www.excis3.be/bugbounty-checklist/21/
-912-FireBounty | The Ultimate Bug Bounty List!:
https://firebounty.com/
-913-Brutelogic xss cheat sheet 2019:
https://brutelogic.com.br/blog/ebook/xss-cheat-sheet/
-914-XSS Cheat Sheet by Rodolfo Assis:
https://leanpub.com/xss
-915-Cross-Site-Scripting (XSS) – Cheat Sheet:
-916-XSS Cheat Sheet V. 2018 :
-917-Cross-site Scripting Payloads Cheat Sheet :
https://exploit.linuxsec.org/xss-payloads-list
-918-Xss Cheat Sheet :
https://www.in-secure.org/tag/xss-cheat-sheet/
-919-Open Redirect Cheat Sheet :
-920-XSS, SQL Injection and Fuzzing Bar Code Cheat Sheet:
-921-XSS Cheat Sheet:
https://tools.paco.bg/13/
-922-XSS for ASP.net developers:
-923-Cross-Site Request Forgery Cheat Sheet:
-924-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:
https://www.acunetix.com/websitesecurity/csrf-attacks/
-925-Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet :
-926-Guide to CSRF (Cross-Site Request Forgery):
https://www.veracode.com/security/csrf
-927-Cross-site Request Forgery - Exploitation & Prevention:
-928-SQL Injection Cheat Sheet :
-929-MySQL SQL Injection Practical Cheat Sheet:
-930-SQL Injection (SQLi) - Cheat Sheet, Attack Examples & Protection:
https://www.checkmarx.com/knowledge/knowledgebase/SQLi
-931-SQL injection attacks: A cheat sheet for business pros:
-932-The SQL Injection Cheat Sheet:
-933-SQL Injection Cheat Sheet:
-934-Comprehensive SQL Injection Cheat Sheet:
-935-MySQL SQL Injection Cheat Sheet:
pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
-936-SQL Injection Cheat Sheet: MySQL:
-937- MySQL Injection Cheat Sheet:
https://www.asafety.fr/mysql-injection-cheat-sheet/
-938-SQL Injection Cheat Sheet:
-939-Google dorks cheat sheet 2019:
-940-Command Injection Cheatsheet :
https://hackersonlineclub.com/command-injection-cheatsheet/
-941-OS Command Injection Vulnerability:
-942-OS Command Injection:
-943-Command Injection: The Good, the Bad and the Blind:
-944-OS command injection:
https://portswigger.net › Web Security Academy › OS command injection
-945-How to Test for Command Injection:
-946-Data Exfiltration via Blind OS Command Injection:
-947-XXE Cheatsheet:
https://www.gracefulsecurity.com/xxe-cheatsheet/
-948-bugbounty-cheatsheet/xxe.:
-949-XXE - Information Security:
https://phonexicum.github.io/infosec/xxe.html
-950-XXE Cheat Sheet:
https://www.hahwul.com/p/xxe-cheat-sheet.html
-951-Advice From A Researcher: Hunting XXE For Fun and Profit:
https://www.bugcrowd.com/blog/advice-from-a-bug-hunter-xxe/
-952-Out of Band Exploitation (OOB) CheatSheet :
https://www.notsosecure.com/oob-exploitation-cheatsheet/
-953-Web app penentration testing checklist and cheatsheet:
www.malwrforensics.com/.../web-app-penentration-testing-checklist-and-cheatsheet-with-example
-954-Useful Resources:
https://lsdsecurity.com/useful-resources/
-955-Exploiting XXE Vulnerabilities in IIS/.NET:
-956-Top 65 OWASP Cheat Sheet Collections - ALL IN ONE:
-957-Hacking Resources:
https://www.torontowebsitedeveloper.com/hacking-resources
-958-Out of Band XML External Entity Injection:
-959-XXE - ZeroSec - Adventures In Information Security:
https://blog.zsec.uk/out-of-band-xxe-2/
-960-Blog - Automated Data Exfiltration with XXE:
-961-My Experience during Infosec Interviews:
-962-Top 10 Security Risks on the Web (OWASP):
-963-Antivirus Evasion Tools [Updated 2019] :
https://resources.infosecinstitute.com/antivirus-evasion-tools/
-964-Adventures in Anti-Virus Evasion:
https://www.gracefulsecurity.com/anti-virus-evasion/
-965-Antivirus Bypass Phantom Evasion - 2019 :
-966-Antivirus Evasion with Python:
-967-Windows oneliners to get shell:
-968-Does Veil Evasion Still Work Against Modern AntiVirus?:
https://www.hackingloops.com/veil-evasion-virustotal/
-969-Google dorks cheat sheet 2019 :
-970-Malware Evasion Techniques :
-971-How to become a cybersecurity pro: A cheat sheet:
-972-Bypassing Antivirus With Ten Lines of Code:
-973-Bypassing antivirus detection on a PDF exploit:
-974-Generating Payloads & Anti-Virus Bypass Methods:
-975-Apkwash Android Antivirus Evasion For Msfvemon:
-976-Penetration Testing with Windows Computer & Bypassing an Antivirus:
-978-Penetration Testing: The Quest For Fully UnDetectable Malware:
-979-AVET: An AntiVirus Bypassing tool working with Metasploit Framework :
https://githacktools.blogspot.com
-980-Creating an undetectable payload using Veil-Evasion Toolkit:
-981-Evading Antivirus :
https://sathisharthars.com/tag/evading-antivirus/
-982-AVPASS – All things in moderation:
https://hydrasky.com/mobile-security/avpass/
-983-Complete Penetration Testing & Hacking Tools List:
https://cybarrior.com/blog/2019/03/31/hacking-tools-list/
-984-Modern red teaming: 21 resources for your security team:
-985-BloodHound and CypherDog Cheatsheet :
-986-Redteam Archives:
https://ethicalhackingguru.com/category/redteam/
-987-NMAP Commands Cheat Sheet:
https://www.networkstraining.com/nmap-commands-cheat-sheet/
-988-Nmap Cheat Sheet:
https://dhound.io/blog/nmap-cheatsheet
-989-Nmap Cheat Sheet: From Discovery to Exploits:
https://resources.infosecinstitute.com/nmap-cheat-sheet/
-990-Nmap Cheat Sheet and Pro Tips:
-991-Nmap Tutorial: from the Basics to Advanced Tips:
https://hackertarget.com/nmap-tutorial/
-992-How to run a complete network scan with OpenVAS;
-993-Nmap: my own cheatsheet:
-994-Top 32 Nmap Command Examples For Linux Sys/Network Admins:
-995-35+ Best Free NMap Tutorials and Courses to Become Pro Hacker:
-996-Scanning Tools:
https://widesecurity.net/kali-linux/kali-linux-tools-scanning/
-997-Nmap - Cheatsheet:
-998-Linux for Network Engineers:
https://netbeez.net/blog/linux-how-to-use-nmap/
-999-Nmap Cheat Sheet:
-1000-Tactical Nmap for Beginner Network Reconnaissance:
-1001-A Guide For Google Hacking Database:
https://www.hackgentips.com/google-hacking-database/
-1002-2019 Data Breaches - The Worst Breaches, So Far:
https://www.identityforce.com/blog/2019-data-breaches
-1003-15 Vulnerable Sites To (Legally) Practice Your Hacking Skills:
-1004-Google Hacking Master List :
-1005-Smart searching with googleDorking | Exposing the Invisible:
https://exposingtheinvisible.org/guides/google-dorking/
-1006-Google Dorks 2019:
https://korben.info/google-dorks-2019-liste.html
-1007-Google Dorks List and how to use it for Good;
https://edgy.app/google-dorks-list
-1008-How to Use Google to Hack(Googledorks):
-1009-Using google as hacking tool:
-1010-#googledorks hashtag on Twitter:
https://twitter.com/hashtag/googledorks
-1011-Top Five Open Source Intelligence (OSINT) Tools:
-1012-What is open-source intelligence (OSINT)?:
-1013-A Guide to Open Source Intelligence Gathering (OSINT):
-1014-OSINT: How to find information on anyone:
-1015-What is OSINT? How can I make use of it?:
-1016-OSINT Tools for the Dark Web:
https://jakecreps.com/2019/05/16/osint-tools-for-the-dark-web/
-1017-A Guide to Open Source Intelligence (OSINT):
-1018-An Introduction To Open Source Intelligence (OSINT):
-1019-SSL & TLS HTTPS Testing [Definitive Guide] - Aptive:
https://www.aptive.co.uk/blog/tls-ssl-security-testing/
-1020-Exploit Title: [Files Containing E-mail and Associated Password Lists]:
https://www.exploit-db.com/ghdb/4262/?source=ghdbid
-1021-cheat_sheets:
http://zachgrace.com/cheat_sheets/
-1022-Intel SYSRET:
https://pentestlab.blog/2017/06/14/intel-sysret
-1023-Windows Preventive Maintenance Best Practices:
-1024-An Overview of Storage Devices:
http://www.professormesser.com/?p=19367
-1025-An Overview of RAID:
http://www.professormesser.com/?p=19373
-1026-How to Troubleshoot:
-1027-Mobile Device Security Troubleshooting:
-1028-Using Wireshark: Identifying Hosts and Users:
-1029-Using Wireshark - Display Filter Expressions:
-1030-Decrypting SSL/TLS traffic with Wireshark:
-1031-A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.:
https://onceupon.github.io/Bash-Oneliner/
-1032- Bash One-Liners Explained, Part I: Working with files :
https://catonmat.net/bash-one-liners-explained-part-one
-1033-Bash One-Liners Explained, Part IV: Working with history:
https://catonmat.net/bash-one-liners-explained-part-four
-1034-Useful bash one-liners :
https://github.com/stephenturner/oneliners
-1035-Some Random One-liner Linux Commands [Part 1]:
-1036-The best terminal one-liners from and for smart admins + devs.:
https://www.ssdnodes.com/tools/one-line-wise/
-1037-Shell one-liner:
https://rosettacode.org/wiki/Shell_one-liner#Racket
-1038-SSH Cheat Sheet:
http://pentestmonkey.net/tag/ssh
-1039-7000 Google Dork List:
https://pastebin.com/raw/Tdvi8vgK
-1040-GOOGLE HACKİNG DATABASE – GHDB:
https://pastebin.com/raw/1ndqG7aq
-1041-STEALING PASSWORD WITH GOOGLE HACK:
https://pastebin.com/raw/x6BNZ7NN
-1042-Hack Remote PC with PHP File using PhpSploit Stealth Post-Exploitation Framework:
-1043-Open Source database of android malware:
www.code.google.com/archive/p/androguard/wikis/DatabaseAndroidMalwares.wiki
-1044-big-list-of-naughty-strings:
-1045-publicly available cap files:
http://www.netresec.com/?page=PcapFiles
-1046-“Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”:
-1047-Building a malware analysis toolkit:
https://zeltser.com/build-malware-analysis-toolkit/
-1048-Netcat Reverse Shell Cheat Sheet:
-1049-Packers and crypters:
-1050-Evading antivirus:
http://www.blackhillsinfosec.com/?p=5094
-1051-cheat sheets and information,The Art of Hacking:
https://github.com/The-Art-of-Hacking
-1052-Error-based SQL injection:
https://www.exploit-db.com/docs/37953.pdf
-1053-XSS cheat sheet:
https://www.veracode.com/security/xss
-1054-Active Directory Enumeration with PowerShell:
https://www.exploit-db.com/docs/46990
-1055-Buffer Overflows, C Programming, NSA GHIDRA and More:
https://www.exploit-db.com/docs/47032
-1056-Analysis of CVE-2019-0708 (BlueKeep):
https://www.exploit-db.com/docs/46947
-1057-Windows Privilege Escalations:
https://www.exploit-db.com/docs/46131
-1058-The Ultimate Guide For Subdomain Takeover with Practical:
https://www.exploit-db.com/docs/46415
-1059-File transfer skills in the red team post penetration test:
https://www.exploit-db.com/docs/46515
-1060-How To Exploit PHP Remotely To Bypass Filters & WAF Rules:
https://www.exploit-db.com/docs/46049
-1061-Flying under the radar:
https://www.exploit-db.com/docs/45898
-1062-what is google hacking? and why it is useful ?and how you can learn how to use it:
https://twitter.com/cry__pto/status/1142497470825545729?s=20
-1063-useful blogs for penetration testers:
https://twitter.com/cry__pto/status/1142497470825545729?s=20
-1064-useful #BugBounty resources & links & tutorials & explanations & writeups ::
https://twitter.com/cry__pto/status/1143965322233483265?s=20
-1065-Union- based SQL injection:
-1066-Broken access control:
-1067-Understanding firewall types and configurations:
-1068-5 Kali Linux tricks that you may not know:
-1069-5 tips to make the most of Twitter as a pentester or bug bounty hunter:
-1060-A Guide To Subdomain Takeovers:
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
-1061-Advanced Recon Automation (Subdomains) case 1:
https://medium.com/p/9ffc4baebf70
-1062-Security testing for REST API with w3af:
-1062-The Lazy Hacker:
https://securit.ie/blog/?p=86
-1063-Practical recon techniques for bug hunters & pen testers:
-1064-A More Advanced Recon Automation #1 (Subdomains):
-1065-Expanding your scope (Recon automation #2):
-1066-RCE by uploading a web.config:
-1067-Finding and exploiting Blind XSS:
https://enciphers.com/finding-and-exploiting-blind-xss/
-1068-Google dorks list 2018:
http://conzu.de/en/google-dork-liste-2018-conzu
-1096-Out of Band Exploitation (OOB) CheatSheet:
https://www.notsosecure.com/oob-exploitation-cheatsheet/
-1070-Metasploit Cheat Sheet:
-1071-Linux Post Exploitation Cheat Sheet :
red-orbita.com/?p=8455
-1072-OSCP/Pen Testing Resources :
-1073-Out Of Band Exploitation (OOB) CheatSheet :
-1074-HTML5 Security Cheatsheet:
https://html5sec.org/
-1075-Kali Linux Cheat Sheet for Penetration Testers:
-1076-Responder - CheatSheet:
-1076-Windows Post-Exploitation Command List:
pentest.tonyng.net/windows-post-exploitation-command-list/
-1077-Transfer files (Post explotation) - CheatSheet
-1078-SQL Injection Cheat Sheet: MSSQL — GracefulSecurity:
-1079-OSCP useful resources and tools:
https://acknak.fr/en/articles/oscp-tools/
-1080-Penetration Testing 102 - Windows Privilege Escalation - Cheatsheet:
www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet
-1081-Transferring files from Kali to Windows (post exploitation) :
-1082-Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit:
-1083-OSCP Goldmine (not clickbait):
0xc0ffee.io/blog/OSCP-Goldmine
-1084-Privilege escalation: Linux :
-1085-Exploitation Tools Archives :
https://pentesttools.net/category/exploitationtools/
-1086-From Local File Inclusion to Remote Code Execution - Part 1:
-1087-Basic Linux Privilege Escalation:
-1088-Title: Ultimate Directory Traversal & Path Traversal Cheat Sheet:
www.vulnerability-lab.com/resources/documents/587.txt
-1089-Binary Exploitation:
https://pwndevils.com/hacking/howtwohack.html
1090-A guide to Linux Privilege Escalation:
https://payatu.com/guide-linux-privilege-escalation/
-1091-Penetration Testing Tools Cheat Sheet :
https://news.ycombinator.com/item?id=11977304
-1092-List of Metasploit Commands - Cheatsheet:
https://thehacktoday.com/metasploit-commands/
-1093-A journey into Radare 2 – Part 2: Exploitation:
https://www.megabeets.net/a-journey-into-radare-2-part-2/
-1094-Remote Code Evaluation (Execution) Vulnerability:
-1095-Exploiting Python Code Injection in Web Applications:
-1096-Shells · Total OSCP Guide:
-1097-MongoDB Injection cheat sheet Archives:
-1098-Basic Shellshock Exploitation:
-1099-Wireshark Tutorial and Tactical Cheat Sheet :
https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/
-1100-Windows Command Line cheatsheet (part 2):
-1101-Detecting WMI exploitation:
www.irongeek.com/i.php?page=videos/derbycon8/track-3-03...exploitation...
1102-Metasploit Cheat Sheet - Hacking Land :
https://www.hacking.land/2019/02/metasploit-cheat-sheet.html
-1103-5 Practical Scenarios for XSS Attacks:
https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
-1104-Ultimate gdb cheat sheet:
-1105-Reverse Engineering Cheat Sheet:
-1106-Reverse Engineering Cheat Sheet:
-1107-Reverse Engineering For Malware Analysis:
https://eforensicsmag.com/reverse_engi_cheatsheet/
-1108-Reverse-engineering Cheat Sheets :
https://www.cheatography.com/tag/reverse-engineering/
-1109-Shortcuts for Understanding Malicious Scripts:
-1110-WinDbg Malware Analysis Cheat Sheet :
-1111-Cheat Sheet for Malware Analysis:
-1112-Tips for Reverse-Engineering Malicious Code :
-1113-Cheatsheet for radare2 :
https://leungs.xyz/reversing/2018/04/16/radare2-cheatsheet.html
-1114-Reverse Engineering Cheat Sheets:
https://www.pinterest.com/pin/576390452300827323/
-1115-Reverse Engineering Resources-Beginners to intermediate Guide/Links:
-1116-Malware Resources :
https://www.professor.bike/malware-resources
-1117-Zero-day exploits: A cheat sheet for professionals:
-1118-Getting cozy with exploit development:
-1119-appsec - Web Security Cheatsheet :
-1120-PEDA - Python Exploit Development Assistance For GDB:
https://www.pinterest.ru/pin/789044797190775841/
-1121-Exploit Development Introduction (part 1) :
-1122-Windows Exploit Development: A simple buffer overflow example:
-1123-Exploit Development-Everything You Need to Know:
-1124-Exploit Development :
https://0x00sec.org/c/exploit-development
-1125-Exploit Development - Infosec Resources:
-1126-Exploit Development :
https://www.reddit.com/r/ExploitDev/
-1127-A Study in Exploit Development - Part 1: Setup and Proof of Concept :
-1128-Exploit Development for Beginners:
https://www.youtube.com/watch?v=tVDuuz60KKc
-1129-Introduction to Exploit Development:
https://www.fuzzysecurity.com/tutorials/expDev/1.html
-1130-Exploit Development And Reverse Engineering:
-1131-wireless forensics:
-1132-fake AP Detection:
-1133-In-Depth analysis of SamSam Ransomware:
-1134-WannaCry ransomware:
-1135-malware analysis:
-1136-Metasploit's detailed communication and protocol writeup:
-1137-Metasploit's SSL-generation module::
-1139-Empire IOCs::
-1140-excellent free training on glow analysis:
http://opensecuritytraining.info/Flow.html
-1141-NetFlow using Silk:
https://tools.netsa.cert.org/silk/analysis-handbook.pdf
-1142-Deep Packet Inspection:
https://is.muni.cz/th/ql57c/dp-svoboda.pdf
-1143-Detecting Behavioral Personas with OSINT and Datasploit:
https://www.exploit-db.com/docs/45543
-1144-WordPress Penetration Testing using WPScan and MetaSploit:
https://www.exploit-db.com/docs/45556
-1145-Bulk SQL Injection using Burp-to-SQLMap:
https://www.exploit-db.com/docs/45428
-1146-XML External Entity Injection - Explanation and Exploitation:
https://www.exploit-db.com/docs/45374
-1147- Web Application Firewall (WAF) Evasion Techniques #3 (CloudFlare and ModSecurity OWASP CRS3):
https://www.exploit-db.com/docs/45368
-1148-File Upload Restrictions Bypass:
https://www.exploit-db.com/docs/45074
-1149-VLAN Hopping Attack:
https://www.exploit-db.com/docs/45050
-1150-Jigsaw Ransomware Analysis using Volatility:
-1151-Ransomware early detection by the analysis of file sharing traffic:
-1152-Do You Think You Can Analyse Ransomware?:
-1153-Analysis of LockerGoga Ransomware :
-1154-Detection and Forensic Analysis of Ransomware Attacks :
-1155-Bad Rabbit Ransomware Technical Analysis:
-1156-NotPetya Ransomware analysis :
https://safe-cyberdefense.com/notpetya-ransomware-analysis/
-1157-Identifying WannaCry on Your Server Using Logs:
-1158-The past, present, and future of ransomware:
-1159-The dynamic analysis of WannaCry ransomware :
https://ieeexplore.ieee.org/iel7/8318543/8323471/08323682.pdf
-1160-Malware Analysis: Ransomware - SlideShare:
-1161-Article: Anatomy of ransomware malware: detection, analysis :
https://www.inderscience.com/info/inarticle.php?artid=84399
-1162-Tracking desktop ransomware payments :
-1163-What is Ransomware? Defined, Explained, and Explored:
https://www.forcepoint.com/cyber-edu/ransomware
-1164-Detect and Recover from Ransomware Attacks:
https://www.indexengines.com/ransomware
-1165-Wingbird rootkit analysis:
-1166-Windows Kernel Rootkits: Techniques and Analysis:
-1167-Rootkit: What is a Rootkit and How to Detect It :
https://www.veracode.com/security/rootkit
-1168-Dissecting Turla Rootkit Malware Using Dynamic Analysis:
-1169-Rootkits and Rootkit Detection (Windows Forensic Analysis) Part 2:
-1170-ZeroAccess – an advanced kernel mode rootkit :
-1171-Rootkit Analysis Identification Elimination:
-1172-TDL3: The Rootkit of All Evil?:
static1.esetstatic.com/us/resources/white-papers/TDL3-Analysis.pdf
-1173-Avatar Rootkit: Dropper Analysis:
-1174-Sality rootkit analysis:
https://www.prodefence.org/sality-rootkit-analysis/
-1175-RootKit Hook Analyzer:
https://www.resplendence.com/hookanalyzer/
-1176-Behavioral Analysis of Rootkit Malware:
-1177-Malware Memory Analysis of the IVYL Linux Rootkit:
https://apps.dtic.mil/docs/citations/AD1004349
-1178-Analysis of the KNARK rootkit :
-1179-32 Bit Windows Kernel Mode Rootkit Lab Setup with INetSim :
-1180-Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques:
-1181-Code & Process Injection - Red Teaming Experiments:
-1182-What Malware Authors Don't want you to know:
-1183-.NET Process Injection:
-1184-Memory Injection like a Boss :
https://www.countercept.com/blog/memory-injection-like-a-boss/
-1185-Process injection - Malware style:
https://www.slideshare.net/demeester1/process-injection
-1186-Userland API Monitoring and Code Injection Detection:
-1187-Unpacking Redaman Malware & Basics of Self-Injection Packers:
-1188-Code injection on macOS:
-1189-(Shell)Code Injection In Linux Userland :
https://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md
-1190-Code injection on Windows using Python:
-1191-What is Reflective DLL Injection and how can be detected?:
-1192-Windows Process Injection:
-1193-A+ cheat sheet:
https://www.slideshare.net/abnmi/a-cheat-sheet
-1194-A Bettercap Tutorial — From Installation to Mischief:
https://danielmiessler.com/study/bettercap/
-1195-Debugging Malware with WinDbg:
https://www.ixiacom.com/company/blog/debugging-malware-windbg
-1195-Malware analysis, my own list of tools and resources:
-1196-Getting Started with Reverse Engineering:
-1197-Debugging malicious windows scriptlets with Google chrome:
-1198-Intro to Radare2 for Malware Analysis:
-1199-Intro to Malware Analysis and Reverse Engineering:
https://www.cybrary.it/course/malware-analysis/
-1200-Common Malware Persistence Mechanisms:
-1201-Finding Registry Malware Persistence with RECmd:
-1202-Windows Malware Persistence Mechanisms :
-1203- persistence techniques:
-1204- Persistence Mechanism - an overview | ScienceDirect Topics:
-1205-Malware analysis for Linux:
https://www.sothis.tech/en/malware-analysis-for-linux-wirenet/
-1206-Linux Malware Persistence with Cron:
-1207-What is advanced persistent threat (APT)? :
-1208-Malware Analysis, Part 1: Understanding Code Obfuscation :
-1209-Top 6 Advanced Obfuscation Techniques:
-1210-Malware Obfuscation Techniques:
https://dl.acm.org/citation.cfm?id=1908903
-1211-How Hackers Hide Their Malware: Advanced Obfuscation:
-1212-Malware obfuscation techniques: four simple examples:
-1213-Malware Monday: Obfuscation:
-1213-Challenge of Malware Analysis: Malware obfuscation Techniques:
https://www.ijiss.org/ijiss/index.php/ijiss/article/view/327
-1214-Static Malware Analysis - Infosec Resources:
-1215-Malware Basic Static Analysis:
-1216-Difference Between Static Malware Analysis and Dynamic Malware Analysis:
-1217-What is Malware Analysis | Different Tools for Malware Analysis:
-1218-Detecting Malware Pre-execution with Static Analysis and Machine Learning:
-1219-Limits of Static Analysis for Malware Detection:
https://ieeexplore.ieee.org/document/4413008
-1220-Kernel mode versus user mode:
-1221-Understanding the ELF:
-1222-Windows Privilege Abuse: Auditing, Detection, and Defense:
-1223-First steps to volatile memory analysis:
-1224-Maliciously Mobile: A Brief History of Mobile Malware:
-1225-Modern Binary Exploitation Writeups 0x01:
-1226-Exploit Development 01 — Terminology:
-1227-Zero-day exploits: A cheat sheet for professionals:
-1228-Best google hacking list on the net:
https://pastebin.com/x5LVJu9T
-1229-Google Hacking:
https://pastebin.com/6nsVK5Xi
-1230-OSCP links:
https://pastebin.com/AiYV80uQ
-1231-Pentesting 1 Information gathering:
https://pastebin.com/qLitw9eT
-1232-OSCP-Survival-Guide:
https://pastebin.com/kdc6th08
-1233-Googledork:
https://pastebin.com/qKwU37BK
-1234-Exploit DB:
https://pastebin.com/De4DNNKK
-1235-Dorks:
https://pastebin.com/cfVcqknA
-1236-GOOGLE HACKİNG DATABASE:
https://pastebin.com/1ndqG7aq
-1237-Carding Dorks 2019:
https://pastebin.com/Hqsxu6Nn
-1238-17k Carding Dorks 2019:
https://pastebin.com/fgdZxy74
-1239-CARDING DORKS 2019:
https://pastebin.com/Y7KvzZqg
-1240-sqli dork 2019:
https://pastebin.com/8gdeLYvU
-1241-Private Carding Dorks 2018:
https://pastebin.com/F0KxkMMD
-1242-20K dorks list fresh full carding 2018:
https://pastebin.com/LgCh0NRJ
-1243-8k Carding Dorks :):
https://pastebin.com/2bjBPiEm
-1244-8500 SQL DORKS:
https://pastebin.com/yeREBFzp
-1245-REAL CARDING DORKS:
https://pastebin.com/0kMhA0Gb
-1246-15k btc dorks:
https://pastebin.com/zbbBXSfG
-1247-Sqli dorks 2016-2017:
https://pastebin.com/7TQiMj3A
-1248-Here is kind of a tutorial on how to write google dorks.:
https://pastebin.com/hZCXrAFK
-1249-10k Private Fortnite Dorks:
https://pastebin.com/SF9UmG1Y
-1250-find login panel dorks:
https://pastebin.com/9FGUPqZc
-1251-Shell dorks:
https://pastebin.com/iZBFQ5yp
-1252-HQ PAID GAMING DORKS:
https://pastebin.com/vNYnyW09
-1253-10K HQ Shopping DORKS:
https://pastebin.com/HTP6rAt4
-1254-Exploit Dorks for Joomla,FCK and others 2015 Old but gold:
https://pastebin.com/ttxAJbdW
-1255-Gain access to unsecured IP cameras with these Google dorks:
https://pastebin.com/93aPbwwE
-1256-new fresh dorks:
https://pastebin.com/ZjdxBbNB
-1257-SQL DORKS FOR CC:
https://pastebin.com/ZQTHwk2S
-1258-Wordpress uploadify Dorks Priv8:
https://pastebin.com/XAGmHVUr
-1259-650 DORKS CC:
https://pastebin.com/xZHARTyz
-1260-3k Dorks Shopping:
https://pastebin.com/e1XiNa8M
-1261-DORKS 2018 :
https://pastebin.com/YAZkPJ0j
-1262-HQ FORTNITE DORKS LIST:
https://pastebin.com/rzhiNad8
-1263-HQ PAID DORKS MIXED GAMING LOL STEAM ..MUSIC SHOPING:
https://pastebin.com/VwVpAvj2
-1264-Camera dorks:
https://pastebin.com/fsARft2j
-1265-Admin Login Dorks:
https://pastebin.com/HWWNZCph
-1266-sql gov dorks:
https://pastebin.com/C8wqyNW8
-1267-10k hq gaming dorks:
https://pastebin.com/cDLN8edi
-1268-HQ SQLI Google Dorks For Shops/Amazon! Enjoy! :
https://pastebin.com/y59kK2h0
-1269-Dorks:
https://pastebin.com/PKvZYMAa
-1270-10k btc dorks:
https://pastebin.com/vRnxvbCu
-1271-7,000 Dorks for hacking into various sites:
https://pastebin.com/n8JVQv3X
-1272-List of information gathering search engines/tools etc:
https://pastebin.com/GTX9X5tF
-1273-FBOSINT:
https://pastebin.com/5KqnFS0B
-1274-Ultimate Penetration Testing:
https://pastebin.com/4EEeEnXe
-1275-massive list of information gathering search engines/tools :
https://pastebin.com/GZ9TVxzh
-1276-CEH Class:
https://pastebin.com/JZdCHrN4
-1277-CEH/CHFI Bundle Study Group Sessions:
https://pastebin.com/XTwksPK7
-1278-OSINT - Financial:
https://pastebin.com/LtxkUi0Y
-1279-Most Important Security Tools and Resources:
https://pastebin.com/cGE8rG04
-1280-OSINT resources from inteltechniques.com:
https://pastebin.com/Zbdz7wit
-1281-Red Team Tips:
https://pastebin.com/AZDBAr1m
-1282-OSCP Notes by Ash:
https://pastebin.com/wFWx3a7U
-1283-OSCP Prep:
https://pastebin.com/98JG5f2v
-1284-OSCP Review/Cheat Sheet:
https://pastebin.com/JMMM7t4f
-1285-OSCP Prep class:
https://pastebin.com/s59GPJrr
-1286-Complete Anti-Forensics Guide:
https://pastebin.com/6V6wZK0i
-1287-The Linux Command Line Cheat Sheet:
https://pastebin.com/PUtWDKX5
-1288-Command-Line Log Analysis:
https://pastebin.com/WEDwpcz9
-1289-An A-Z Index of the Apple macOS command line (OS X):
https://pastebin.com/RmPLQA5f
-1290-San Diego Exploit Development 2018:
https://pastebin.com/VfwhT8Yd
-1291-Windows Exploit Development Megaprimer:
https://pastebin.com/DvdEW4Az
-1292-Some Free Reverse engineering resources:
https://pastebin.com/si2ThQPP
-1293-Sans:
https://pastebin.com/MKiSnjLm
-1294-Metasploit Next Level:
https://pastebin.com/0jC1BUiv
-1295-Just playing around....:
https://pastebin.com/gHXPzf6B
-1296-Red Team Course:
https://pastebin.com/YUYSXNpG
-1297-New Exploit Development 2018:
https://pastebin.com/xaRxgYqQ
-1298-Good reviews of CTP/OSCE (in no particular order)::
https://pastebin.com/RSPbatip
-1299-Vulnerability Research Engineering Bookmarks Collection v1.0:
https://pastebin.com/8mUhjGSU
-1300-Professional-hacker's Pastebin :
https://pastebin.com/u/Professional-hacker
-1301-Google Cheat Sheet:
http://www.googleguide.com/print/adv_op_ref.pdf
-1302-Shodan for penetration testers:
-1303-Linux networking tools:
https://gist.github.com/miglen/70765e663c48ae0544da08c07006791f
-1304-DNS spoofing with NetHunter:
https://cyberarms.wordpress.com/category/nethunter-tutorial/
-1305-Tips on writing a penetration testing report:
-1306-Technical penetration report sample:
-1307-Nessus sample reports:
https://www.tenable.com/products/nessus/sample-reports
-1308-Sample penetration testing report:
-1309-jonh-the-ripper-cheat-sheet:
-1310-ultimate guide to cracking foreign character passwords using hashcat:
-1311-Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_III:
-1312-cracking story how i cracked over 122 million sha1 and md5 hashed passwords:
-1313-CSA (Cloud Security Alliance) Security White Papers:
https://cloudsecurityalliance.org/download/
-1314-NIST Security Considerations in the System Development Life Cycle:
-1315-ISO 29100 information technology security techniques privacy framework:
https://www.iso.org/standard/45123.html
-1316-NIST National Checklist Program:
https://nvd.nist.gov/ncp/repository
-1317-OWASP Guide to Cryptography:
https://www.owasp.org/index.php/Guide_to_Cryptography
-1318-NVD (National Vulnerability Database):
https://nvd.nist.gov/
-1319-CVE details:
https://cvedetails.com/
-1320-CIS Cybersecurity Tools:
https://www.cisecurity.org/cybersecurity-tools/
-1321-Security aspects of virtualization by ENISA:
-1322-CIS Benchmarks also provides a security guide for VMware, Docker, and Kubernetes:
https://www.cisecurity.org/cis-benchmarks/
-1323-OpenStack's hardening of the virtualization layer provides a secure guide to building the virtualization layer:
-1324-Docker security:
https://docs.docker.com/engine/security/security/
-1325-Microsoft Security Development Lifecycle:
http://www.microsoft.com/en-us/SDL/
-1326-OWASP SAMM Project:
https://www.owasp.org/index.php/OWASP_SAMM_Project
-1327-CWE/SANS Top 25 Most Dangerous Software Errors:
https://cwe.mitre.org/top25/
-1329-OWASP Vulnerable Web Applications Directory Project:
-1330-CERT Secure Coding Standards:
-1331-NIST Special Publication 800-53:
https://nvd.nist.gov/800-53
-1332-SAFECode Security White Papers:
https://safecode.org/publications/
-1333-Microsoft Threat Modeling tool 2016:
https://aka.ms/tmt2016/
-1334-Apache Metron for real-time big data security:
http://metron.apache.org/documentation/
-1335-Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process:
-1336-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:
-1337-ITU-T X.805 (10/2003) Security architecture for systems providing end- to-end communications:
-1338-ETSI TS 102 165-1 V4.2.1 (2006-12) : Method and proforma for Threat, Risk, Vulnerability Analysis:
-1339-SAFECode Fundamental Practices for Secure Software Development:
-1340-NIST 800-64 Security Considerations in the System Development Life Cycle:
https://csrc.nist.gov/publications/detail/sp/800-64/rev-2/final
-1341-SANS A Security Checklist for Web Application Design:
-1342-Best Practices for implementing a Security Awareness Program:
-1343-ETSI TS 102 165-1 V4.2.1 (2006-12): Method and proforma for Threat, Risk, Vulnerability Analysis:
-1344-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:
https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final
-1345-SafeCode Tactical Threat Modeling:
-1346-SANS Web Application Security Design Checklist:
-1347-Data Anonymization for production data dumps:
https://github.com/sunitparekh/data-anonymization
-1348-SANS Continuous Monitoring—What It Is, Why It Is Needed, and How to Use It:
-1349-Guide to Computer Security Log Management:
https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=50881
-1350-Malware Indicators:
https://github.com/citizenlab/malware-indicators
-1351-OSINT Threat Feeds:
https://www.circl.lu/doc/misp/feed-osint/
-1352-SANS How to Use Threat Intelligence effectively:
-1353-NIST 800-150 Guide to Cyber Threat Information Sharing:
-1354-Securing Web Application Technologies Checklist:
https://software-security.sans.org/resources/swat
-1355-Firmware Security Training:
-1356-Burp Suite Bootcamp:
https://pastebin.com/5sG7Rpg5
-1357-Web app hacking:
https://pastebin.com/ANsw7WRx
-1358-XSS Payload:
https://pastebin.com/EdxzE4P1
-1359-XSS Filter Evasion Cheat Sheet:
https://pastebin.com/bUutGfSy
-1360-Persistence using RunOnceEx – Hidden from Autoruns.exe:
-1361-Windows Operating System Archaeology:
-1362-How to Backdoor Windows 10 Using an Android Phone & USB Rubber Ducky:
-1363-Malware Analysis using Osquery :
-1364-Tales of a Blue Teamer: Detecting Powershell Empire shenanigans with Sysinternals :
-1365-Userland registry hijacking:
https://3gstudent.github.io/Userland-registry-hijacking/
-1366-Malware Hiding Techniques to Watch for: AlienVault Labs:
-1367- Full text of "Google hacking for penetration testers" :
-1368- Full text of "Long, Johnny Google Hacking For Penetration Testers" :
-1369- Full text of "Coding For Penetration Testers" :
-1370- Full text of "Hacking For Dummies" :
-1371-Full text of "Wiley. Hacking. 5th. Edition. Jan. 2016. ISBN. 1119154685. Profescience.blogspot.com" :
-1372- Full text of "Social Engineering The Art Of Human Hacking" :
-1373- Full text of "CYBER WARFARE" :
-1374-Full text of "NSA DOCID: 4046925 Untangling The Web: A Guide To Internet Research" :
-1375- Full text of "sectools" :
-1376- Full text of "Aggressive network self-defense" :
-1377-Community Texts:
-1378- Full text of "Cyber Spying - Tracking (sometimes).PDF (PDFy mirror)" :
-1379- Full text of "Enzyclopedia Of Cybercrime" :
-1380- Full text of "Information Security Management Handbook" :
-1381- Full text of "ARMArchitecture Reference Manual" :
-1382- Full text of "Metasploit The Penetration Tester S Guide" :
-1383-Tips & tricks to master Google’s search engine:
-1384-Ethical Google Hacking - Sensitive Doc Dork (Part 2) :
-1385- Google Hacking Secrets:the Hidden Codes of Google :
-1386-google hacking:
https://www.slideshare.net/SamNizam/3-google-hacking
-1387-How Penetration Testers Use Google Hacking:
-1388-Free Automated Malware Analysis Sandboxes and Services:
https://zeltser.com/automated-malware-analysis/
-1389-How to get started with Malware Analysis and Reverse Engineering:
-1390-Handy Tools And Websites For Malware Analysis:
-1391-Dynamic Malware Analysis:
https://prasannamundas.com/share/dynamic-malware-analysis/
-1392-Intro to Radare2 for Malware Analysis:
-1393-Detecting malware through static and dynamic techniques:
-1394-Malware Analysis Tutorial : Tricks for Confusing Static Analysis Tools:
-1395-Malware Analysis Lab At Home In 5 Steps:
-1396-Malware Forensics Guide - Static and Dynamic Approach:
-1397-Top 30 Bug Bounty Programs in 2019:
https://www.guru99.com/bug-bounty-programs.html
-1398-Introduction - Book of BugBounty Tips:
https://gowsundar.gitbook.io/book-of-bugbounty-tips/
-1399-List of bug bounty writeups:
https://pentester.land/list-of-bug-bounty-writeups.html
-1400-Tips From A Bugbounty Hunter:
https://www.secjuice.com/bugbounty-hunter/
-1401-Cross Site Scripting (XSS) - Book of BugBounty Tips:
-1402-BugBountyTips:
https://null0xp.wordpress.com/tag/bugbountytips/
-1403-Xss Filter Bypass Payloads:
www.oroazteca.net/mq67/xss-filter-bypass-payloads.html
-1404-Bug Bounty Methodology:
-1405-GDB cheat-sheet for exploit development:
www.mannulinux.org/2017/01/gdb-cheat-sheet-for-exploit-development.html
-1406-A Study in Exploit Development - Part 1: Setup and Proof of Concept :
-1407-Exploit development tutorial :
-1408-exploit code development:
-1409-“Help Defeat Denial of Service Attacks: Step-by-Step”:
http://www.sans.org/dosstep/
-1410-Internet Firewalls: Frequently Asked Questions:
http://www.interhack.net/pubs/fwfaq/
-1411-Service Name and Transport Protocol Port Number:
http://www.iana.org/assignments/port-numbers
-1412-10 Useful Open Source Security Firewalls for Linux Systems:
-1413-40 Linux Server Hardening Security Tips:
https://www.cyberciti.biz/tips/linux-security.html
-1414-Linux hardening: A 15-step checklist for a secure Linux server :
-1415-25 Hardening Security Tips for Linux Servers:
https://www.tecmint.com/linux-server-hardening-security-tips/
-1416-How to Harden Unix/Linux Systems & Close Security Gaps:
-1417-34 Linux Server Security Tips & Checklists for Sysadmins:
https://www.process.st/server-security/
-1418-Linux Hardening:
https://www.slideshare.net/MichaelBoelen/linux-hardening
-1419-23 Hardening Tips to Secure your Linux Server:
-1420-What is the Windows Registry? :
https://www.computerhope.com/jargon/r/registry.htm
-1421-Windows Registry, Everything You Need To Know:
https://www.gammadyne.com/registry.htm
-1422-Windows Registry Tutorial:
https://www.akadia.com/services/windows_registry_tutorial.html
-1423-5 Tools to Scan a Linux Server for Malware and Rootkits:
https://www.tecmint.com/scan-linux-for-malware-and-rootkits/
-1424-Subdomain takeover dew to missconfigured project settings for Custom domain .:
-1425-Massive Subdomains p0wned:
-1426-Subdomain Takeover: Basics:
https://0xpatrik.com/subdomain-takeover-basics/
-1427-Subdomain Takeover: Finding Candidates:
https://0xpatrik.com/subdomain-takeover-candidates/
-1428-Bugcrowd's Domain & Subdomain Takeover!:
https://bugbountypoc.com/bugcrowds-domain-takeover/
-1429-What Are Subdomain Takeovers, How to Test and Avoid Them?:
-1430-Finding Candidates for Subdomain Takeovers:
https://jarv.is/notes/finding-candidates-subdomain-takeovers/
-1431-Subdomain takeover of blog.snapchat.com:
-1432-Hostile Subdomain takeove:
https://labs.detectify.com/tag/hostile-subdomain-takeover/
-1433-Microsoft Account Takeover Vulnerability Affecting 400 Million Users:
https://www.safetydetective.com/blog/microsoft-outlook/
-1434-What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?:
-1435-Subdomain takeover detection with AQUATONE:
-1436-A hostile subdomain takeover! – Breaking application security:
-1437-Web Development Reading List:
-1438-CSRF Attack can lead to Stored XSS:
-1439-What is Mimikatz: The Beginner's Guide | Varonis:
https://www.varonis.com/bog/what-is-mimikatz
-1440-Preventing Mimikatz Attacks :
-1441-Mimikatz tutorial: How it hacks Windows passwords, credentials:
-1442-Mimikatz: Walkthrough [Updated 2019]:
https://resources.infosecinstitute.com/mimikatz-walkthrough/
-1443-Mimikatz -Windows Tutorial for Beginner:
-1444-Mitigations against Mimikatz Style Attacks:
-1445-Exploring Mimikatz - Part 1 :
https://blog.xpnsec.com/exploring-mimikatz-part-1/
-1446-Powershell AV Evasion. Running Mimikatz with PowerLine:
-1447-How to Steal Windows Credentials with Mimikatz and Metasploit:
https://www.hackingloops.com/mimikatz/
-1448-Retrieving NTLM Hashes without touching LSASS:
-1449-From Responder to NT Authority\SYSTEM:
-1450-Getting Creds via NTLMv2:
-1451-Living off the land: stealing NetNTLM hashes:
-1452-(How To) Using Responder to capture passwords on a Windows:
-1453-Pwning with Responder - A Pentester's Guide:
-1454-LLMNR and NBT-NS Poisoning Using Responder:
-1455-Responder - Ultimate Guide :
-1456-Responder - CheatSheet:
-1457-LM, NTLM, Net-NTLMv2, oh my! :
-1458-SMB Relay Attack Tutorial:
https://intrinium.com/smb-relay-attack-tutorial
-1459-Cracking NTLMv2 responses captured using responder:
-1460-Skip Cracking Responder Hashes and Relay Them:
-1461-Metasploit's First Antivirus Evasion Modules:
-1462-Evading Anti-virus Part 1: Infecting EXEs with Shellter:
https://www.hackingloops.com/evading-anti-virus-shellter/
-1463-Evading AV with Shellter:
-1464-Shellter-A Shellcode Injecting Tool :
-1465-Bypassing antivirus programs using SHELLTER:
https://myhackstuff.com/shellter-bypassing-antivirus-programs/
-1466-John the Ripper step-by-step tutorials for end-users :
openwall.info/wiki/john/tutorials
-1467-Beginners Guide for John the Ripper (Part 1):
-1468-John the Ripper Basics Tutorial:
https://ultimatepeter.com/john-the-ripper-basics-tutorial/
-1469-Crack Windows password with john the ripper:
-1470-Getting Started Cracking Password Hashes with John the Ripper :
-1471-Shell code exploit with Buffer overflow:
-1472-Shellcoding for Linux and Windows Tutorial :
www.vividmachines.com/shellcode/shellcode.html
-1473-Buffer Overflow Practical Examples :
https://0xrick.github.io/binary-exploitation/bof5/
-1474-Msfvenom shellcode analysis:
https://snowscan.io/msfvenom-shellcode-analysis/
-1475-Process Continuation Shellcode:
https://azeria-labs.com/process-continuation-shellcode/
-1476-Dynamic Shellcode Execution:
https://www.countercept.com/blog/dynamic-shellcode-execution/
-1477-Tutorials: Writing shellcode to binary files:
https://www.fuzzysecurity.com/tutorials/7.html
-1478-Creating Shellcode for an Egg Hunter :
-1479-How to: Shellcode to reverse bind a shell with netcat :
www.hackerfall.com/story/shellcode-to-reverse-bind-a-shell-with-netcat
-1480-Bashing the Bash — Replacing Shell Scripts with Python:
-1481-How to See All Devices on Your Network With nmap on Linux:
-1482-A Complete Guide to Nmap:
https://www.edureka.co/blog/nmap-tutorial/
-1483-Nmap from Beginner to Advanced :
https://resources.infosecinstitute.com/nmap/
-1484-Using Wireshark: Identifying Hosts and Users:
-1485-tshark tutorial and filter examples:
https://hackertarget.com/tshark-tutorial-and-filter-examples/
-1486-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example:
https://www.guru99.com/fuzz-testing.html
-1487-Tutorial: Dumb Fuzzing - Peach Community Edition:
community.peachfuzzer.com/v3/TutorialDumbFuzzing.html
-1488-HowTo: ExploitDev Fuzzing:
https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/
-1489-Fuzzing with Metasploit:
https://www.corelan.be/?s=fuzzing
-1490-Fuzzing – how to find bugs automagically using AFL:
9livesdata.com/fuzzing-how-to-find-bugs-automagically-using-afl/
-1491-Introduction to File Format Fuzzing & Exploitation:
-1492-0x3 Python Tutorial: Fuzzer:
https://www.primalsecurity.net/0x3-python-tutorial-fuzzer/
-1493-Hunting For Bugs With AFL:
https://research.aurainfosec.io/hunting-for-bugs-101/
-1494-Fuzzing: The New Unit Testing:
-1495-Fuzzing With Peach Framework:
-1496-How we found a tcpdump vulnerability using cloud fuzzing:
-1497-Finding a Fuzzer: Peach Fuzzer vs. Sulley:
-1498-Android malware analysis:
-1499-15+ Malware Analysis Tools & Techniques :
https://www.template.net/business/tools/malware-analysis/
-1500-30 Online Malware Analysis Sandboxes / Static Analyzers:
-1501-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:
-1502-Cheat Sheets - SANS Digital Forensics:
https://digital-forensics.sans.org/community/cheat-sheets
-1503-Breach detection with Linux filesystem forensics:
https://opensource.com/article/18/4/linux-filesystem-forensics
-1504-Digital Forensics Cheat Sheets Collection :
-1505-Security Incident Survey Cheat Sheet for Server Administrators:
https://zeltser.com/security-incident-survey-cheat-sheet/
-1506-Digital forensics: A cheat sheet :
-1507-Windows Registry Forensics using 'RegRipper' Command-Line on Linux:
https://www.pinterest.cl/pin/794815034207804059/
-1508-Windows IR Live Forensics Cheat Sheet:
-1509-10 Best Known Forensics Tools That Works on Linux:
https://linoxide.com/linux-how-to/forensics-tools-linux/
-1510-Top 20 Free Digital Forensic Investigation Tools for SysAdmins:
-1511-Windows Volatile Memory Acquisition & Forensics 2018:
-1512-PowerShell Cheat Sheet :
https://www.digitalforensics.com/blog/powershell-cheat-sheet-2/
-1513-Forensic Artifacts: evidences of program execution on Windows systems:
-1514-How to install a CPU?:
-1515-How To Upgrade and Install a New CPU or Motherboard:
-1516-Installing and Troubleshooting CPUs:
www.pearsonitcertification.com/articles/article.aspx?p=1681054&seqNum=2
-1517-15 FREE Pastebin Alternatives You Can Use Right Away:
https://www.rootreport.com/pastebin-alternatives/
-1518-Basic computer troubleshooting steps:
https://www.computerhope.com/basic.htm
-1519-18 Best Websites to Learn Computer Troubleshooting and Tech support:
-1520-Post Exploitation with PowerShell Empire 2.3.0 :
-1521-Windows Persistence with PowerShell Empire :
-1522-powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial:
-1523-Bypassing Anti-Virtus & Hacking Windows 10 Using Empire :
-1524-Hacking with Empire – PowerShell Post-Exploitation Agent :
-1525-Hacking Windows Active Directory Full guide:
www.kalitut.com/hacking-windows-active-directory-full.html
-1526-PowerShell Empire for Post-Exploitation:
https://www.hackingloops.com/powershell-empire/
-1527-Generate A One-Liner – Welcome To LinuxPhilosophy!:
linuxphilosophy.com/rtfm/more/empire/generate-a-one-liner/
-1528-CrackMapExec - Ultimate Guide:
-1529-PowerShell Logging and Security:
-1530-Create your own FUD Backdoors with Empire:
-1531-PowerShell Empire Complete Tutorial For Beginners:
-1532-Bash Bunny: Windows Remote Shell using Metasploit & PowerShell:
-1533-Kerberoasting - Stealing Service Account Credentials:
https://www.scip.ch/en/?labs.20181011
-1534-Automating Mimikatz with Empire and DeathStar :
-1535-Windows oneliners to get shell :
-1536-ObfuscatedEmpire :
https://cobbr.io/ObfuscatedEmpire.html
-1537-Pentesting with PowerShell in six steps:
-1538-Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM):
-1539-PowerShell Security Best Practices:
-1540-You can detect PowerShell attacks:
-1541-Detecting and Preventing PowerShell Attacks:
-1542-Detecting Offensive PowerShell Attack Tools – Active Directory Security:
https://adsecurity.org/?p=2604
-1543-An Internal Pentest Audit Against Active Directory:
https://www.exploit-db.com/docs/46019
-1544-A complete Active Directory Penetration Testing Checklist :
-1545-Active Directory | Penetration Testing Lab:
https://pentestlab.blog/tag/active-directory/
-1546-Building and Attacking an Active Directory lab with PowerShell :
-1547-Penetration Testing in Windows Server Active Directory using Metasploit:
-1548-Red Team Penetration Testing – Going All the Way (Part 2 of 3) :
-1549-Penetration Testing Active Directory, Part II:
https://www.jishuwen.com/d/2Mtq
-1550-Gaining Domain Admin from Outside Active Directory:
-1551-Post Exploitation Cheat Sheet:
-1552-Windows post-exploitation :
https://github.com/emilyanncr/Windows-Post-Exploitation
-1553-OSCP - Windows Post Exploitation :
-1554-Windows Post-Exploitation Command List:
-1555-Windows Post-Exploitation Command List:
-1556-Linux Post-Exploitation · OSCP - Useful Resources:
-1557-Pentesting Cheatsheet:
https://anhtai.me/pentesting-cheatsheet/
-1558-Pentesting Cheatsheets - Red Teaming Experiments:
-1559-OSCP Goldmine:
http://0xc0ffee.io/blog/OSCP-Goldmine
-1560-Linux Post Exploitation Cheat Sheet:
http://red-orbita.com/?p=8455
-1562-OSCP useful resources and tools:
https://acknak.fr/en/articles/oscp-tools/
-1563-Windows Post-Exploitation Command List :
-1564-Metasploit Cheat Sheet:
https://pentesttools.net/metasploit-cheat-sheet/
-1565-Windows Privilege Escalation:
https://awansec.com/windows-priv-esc.html
-1566-Linux Unix Bsd Post Exploitation:
https://attackerkb.com/Unix/LinuxUnixBSD_Post_Exploitation
-1567-Privilege Escalation & Post-Exploitation:
-1568-Metasploit Cheat Sheet:
https://vk-intel.org/2016/12/28/metasploit-cheat-sheet/
-1569-Metasploit Cheat Sheet :
-1570-Privilege escalation: Linux:
-1571-Cheat Sheets — Amethyst Security:
https://www.ssddcyber.com/cheatsheets
-1572-Responder - CheatSheet:
-1573-Cheatsheets:
https://h4ck.co/wp-content/uploads/2018/06/cheatsheet.txt
-1574-Are you ready for OSCP?:
https://www.hacktoday.io/t/are-you-ready-for-oscp/59
-1575-Windows Privilege Escalation:
https://labs.p64cyber.com/windows-privilege-escalation/
-1576-A guide to Linux Privilege Escalation:
https://payatu.com/guide-linux-privilege-escalation/
-1577-Windows Post-Exploitation-Cheat-Sheet:
-1578-Windows Privilege Escalation (privesc) Resources:
-1579-Dissecting Mobile Malware:
https://slideplayer.com/slide/3434519/
-1580-Android malware analysis with Radare: Dissecting the Triada Trojan:
www.nowsecure.com/blog/2016/11/21/android-malware-analysis-radare-triad/
-1581-Dissecting Mobile Native Code Packers:
-1582-What is Mobile Malware? Defined, Explained, and Explored:
https://www.forcepoint.com/cyber-edu/mobile-malware
-1583-Malware Development — Professionalization of an Ancient Art:
-1584-Weaponizing Malware Code Sharing with Cythereal MAGIC:
https://medium.com/@arun_73782/cythereal-magic-e68b0c943b1d
-1585-Web App Pentest Cheat Sheet:
-1586-The USB Threat is [Still] Real — Pentest Tools for Sysadmins, Continued:
-1587-How to Run An External Pentest:
-1588-Advice for new pentesters:
-1589-NodeJS Application Pentest Tips:
-1590-How to combine Pentesting with Automation to improve your security:
-1591-Day 79: FTP Pentest Guide:
-1592-SigintOS: A Wireless Pentest Distro Review:
-1593-Conducting an IoT Pentest :
https://medium.com/p/6fa573ac6668?source=user_profile...
-1594-Efficient way to pentest Android Chat Applications:
-1595-APT2 - Automated PenTest Toolkit :
https://medium.com/media/f1cf43d92a17d5c4c6e2e572133bfeed/href
-1596-Pentest Tools and Distros:
-1597-Keeping notes during a pentest/security assessment/code review:
-1598-An intro to pentesting an Android phone:
-1599-The Penetration Testing Report:
-1600-VA vs Pentest:
-1601-Pentest: Hacking WPA2 WiFi using Aircrack on Kali Linux:
-1602-Pentesting Ethereum dApps:
-1603-Android pentest lab in a nutshell :
-1604-Pentest Magazine: Web Scraping with Python :
-1605-Pentesting iOS apps without jailbreak:
-1606-OSCP/Pen Testing Resources:
-1607-Web Application Security & Bug Bounty (Methodology, Reconnaissance, Vulnerabilities, Reporting):
-1608-Local File Inclusion (LFI) — Web Application Penetration Testing:
-1609-Local File Inclusion (Basic):
-1610-PHP File Inclusion Vulnerability:
https://www.immuniweb.com/vulnerability/php-file-inclusion.html
-1611-Local File Inclusion:
https://teambi0s.gitlab.io/bi0s-wiki/web/lfi/
-1612-Web Application Penetration Testing: Local File Inclusion:
-1613-From Local File Inclusion to Code Execution :
-1614-RFI / LFI:
-1615-From Local File Inclusion to Remote Code Execution - Part 2:
-1616-Local File Inclusion:
-1617-Beginner Guide to File Inclusion Attack (LFI/RFI) :
-1618-LFI / RFI:
https://secf00tprint.github.io/blog/payload-tester/lfirfi/en
-1619-LFI and RFI Attacks - All You Need to Know:
-1620-Log Poisoning - LFI to RCE :
http://liberty-shell.com/sec/2018/05/19/poisoning/
-1621-LFI:
https://www.slideshare.net/cyber-punk/lfi-63050678
-1622-Hand Guide To Local File Inclusion(LFI):
www.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html
-1623-Local File Inclusion (LFI) - Cheat Sheet:
https://ironhackers.es/herramientas/lfi-cheat-sheet/
-1624-Web Application Penetration Testing Local File Inclusion (LFI):
https://www.cnblogs.com/Primzahl/p/6258149.html
-1625-File Inclusion Vulnerability Prevention:
-1626-The Most In-depth Hacker's Guide:
https://books.google.com/books?isbn=1329727681
-1627-Hacking Essentials: The Beginner's Guide To Ethical Hacking:
https://books.google.com/books?id=e6CHDwAAQBAJ
-1628-Web App Hacking, Part 11: Local File Inclusion:
-1629-Local and remote file inclusion :
-1630-Upgrade from LFI to RCE via PHP Sessions :
-1631-CVV #1: Local File Inclusion:
-1632-(PDF) Cross Site Scripting (XSS) in Action:
-1633-XSS exploitation part 1:
www.securityidiots.com/Web-Pentest/XSS/xss-exploitation-series-part-1.html
-1634-Weaponizing self-xss:
https://silentbreaksecurity.com/weaponizing-self-xss/
-1635-Cookie Tracking and Stealing using Cross-Site Scripting:
-1636-Defense against the Black Arts:
https://books.google.com/books?isbn=1439821224
-1637-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:
https://www.acunetix.com/websitesecurity/csrf-attacks/
-1638-Bypassing CSRF protection:
https://www.bugbountynotes.com/training/tutorial?id=5
-1639-Stealing CSRF tokens with XSS:
https://digi.ninja/blog/xss_steal_csrf_token.php
-1640-Same Origin Policy and ways to Bypass:
-1641-Bypassing Same Origin Policy :
-1642-Client-Side Attack - an overview :
-1643-Client-Side Injection Attacks:
https://blog.alertlogic.com/blog/client-side-injection-attacks/
-1645-The Client-Side Battle Against JavaScript Attacks Is Already Here:
-1646-Why Let’s Encrypt is a really, really, really bad idea:
-1647-Huge Guide to Client-Side Attacks:
https://www.notion.so/d382649cfebd4c5da202677b6cad1d40
-1648-OSCP Prep – Episode 11: Client Side Attacks:
-1649-Client side attack - AV Evasion:
-1650-Client-Side Attack With Metasploit (Part 4):
-1651-Ransomware: Latest Developments and How to Defend Against Them:
https://www.recordedfuture.com/latest-ransomware-attacks/
-1652-Cookie Tracking and Stealing using Cross-Site Scripting:
-1653-How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords:
-1654-How I was able to steal cookies via stored XSS in one of the famous e-commerce site:
-1655-Steal victim's cookie using Cross Site Scripting (XSS) :
-1656-Remote Code Execution — Damn Vulnerable Web Application(DVWA) - Medium level security:
-1657-Remote Command Execution:
https://hacksland.net/remote-command-execution/
-1658-DevOops — An XML External Entity (XXE) HackTheBox Walkthrough:
-1659-XML External Entity - Beyond /etc/passwd (For Fun & Profit):
-1660-XXE - ZeroSec - Adventures In Information Security:
https://blog.zsec.uk/out-of-band-xxe-2/
-1661-Exploitation: XML External Entity (XXE) Injection:
-1662-Hack The Box: DevOops:
https://redteamtutorials.com/2018/11/11/hack-the-box-devoops/
-1663-Web Application Penetration Testing Notes:
-1664-WriteUp – Aragog (HackTheBox) :
https://ironhackers.es/en/writeups/writeup-aragog-hackthebox/
-1665-Linux Privilege Escalation Using PATH Variable:
-1666-Linux Privilege Escalation via Automated Script :
-1667-Privilege Escalation - Linux :
-1668-Linux Privilege Escalation:
https://percussiveelbow.github.io/linux-privesc/
-1669-Perform Local Privilege Escalation Using a Linux Kernel Exploit :
-1670-Linux Privilege Escalation With Kernel Exploit:
-1671-Reach the root! How to gain privileges in Linux:
https://hackmag.com/security/reach-the-root/
-1672-Enumeration for Linux Privilege Escalation:
-1673-Linux Privilege Escalation Scripts :
https://netsec.ws/?p=309
-1674-Understanding Privilege Escalation:
www.admin-magazine.com/Articles/Understanding-Privilege-Escalation
-1675-Toppo:1 | Vulnhub Walkthrough:
-1676-Privilege Escalation resources:
-1678-OSCP Notes – Privilege Escalation (Linux):
-1679-Udev Exploit Allows Local Privilege Escalation :
-1680-Understanding Linux Privilege Escalation and Defending Against It:
-1681-Windows Privilege Escalation Using PowerShell:
-1682-Privilege Escalation | Azeria Labs:
https://azeria-labs.com/privilege-escalation/
-1683-Abusing SUDO (Linux Privilege Escalation):
https://touhidshaikh.com/blog/?p=790
-1684-Privilege Escalation - Linux:
-1685-0day Linux Escalation Privilege Exploit Collection :
-1686-Linux for Pentester: cp Privilege Escalation :
-1687-Practical Privilege Escalation Using Meterpreter:
-1688-dirty_sock: Linux Privilege Escalation (via snapd):
-1689-Linux privilege escalation:
https://jok3rsecurity.com/linux-privilege-escalation/
-1690-The Complete Meterpreter Guide | Privilege Escalation & Clearing Tracks:
-1691-How to prepare for PWK/OSCP, a noob-friendly guide:
https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
-1692-Basic Linux privilege escalation by kernel exploits:
https://greysec.net/showthread.php?tid=1355
-1693-Linux mount without root :
epaymentamerica.com/tozkwje/xlvkawj2.php?trjsef=linux-mount-without-root
-1694-Linux Privilege Escalation Oscp:
www.condadorealty.com/2h442/linux-privilege-escalation-oscp.html
-1695-Privilege Escalation Attack Tutorial:
-1696-Oscp Bethany Privilege Escalation:
-1697-Hacking a Website and Gaining Root Access using Dirty COW Exploit:
-1698-Privilege Escalation - Linux · Total OSCP Guide:
-1699-Linux advanced privilege escalation:
-1700-Local Linux privilege escalation overview:
https://myexperiments.io/linux-privilege-escalation.html
-1701-Windows Privilege Escalation Scripts & Techniques :
-1702-Penetration Testing: Maintaining Access:
-1703-Kali Linux Maintaining Access :
-1704-Best Open Source Tools for Maintaining Access & Tunneling:
https://n0where.net/maintaining-access
-1705-Maintaining Access Part 1: Introduction and Metasploit Example:
https://www.hackingloops.com/maintaining-access-metasploit/
-1706-Maintaining Access - Ethical hacking and penetration testing:
https://miloserdov.org/?cat=143
-1707-Maintaining Access with Web Backdoors [Weevely]:
-1708-Best Open Source MITM Tools: Sniffing & Spoofing:
https://n0where.net/mitm-tools
-1709-Cain and Abel - Man in the Middle (MITM) Attack Tool Explained:
-1710-Man In The Middle Attack (MITM):
-1711-Real-World Man-in-the-Middle (MITM) Attack :
https://ieeexplore.ieee.org/document/8500082
-1712-The Ultimate Guide to Man in the Middle Attacks :
-1713-How to Conduct ARP Spoofing for MITM Attacks:
-1714-How To Do A Man-in-the-Middle Attack Using ARP Spoofing & Poisoning:
-1715-Ettercap and middle-attacks tutorial :
https://pentestmag.com/ettercap-tutorial-for-windows/
-1716-How To Setup A Man In The Middle Attack Using ARP Poisoning:
-1717-Intro to Wireshark and Man in the Middle Attacks:
-1718-MiTM Attack with Ettercap:
-1719-Man in the Middle Attack with Websploit Framework:
https://www.yeahhub.com/man-middle-attack-websploit-framework/
-1720-SSH MitM Downgrade :
-1721-How to use Netcat for Listening, Banner Grabbing and Transferring Files:
-1722-Powershell port scanner and banner grabber:
-1723-What is banner grabbing attack:
https://rxkjftu.ga/sport/what-is-banner-grabbing-attack.php
-1724-Network penetration testing:
https://guif.re/networkpentest
-1725-NMAP Cheatsheet:
https://redteamtutorials.com/2018/10/14/nmap-cheatsheet/
-1726-How To Scan a Network With Nmap:
https://online-it.nu/how-to-scan-a-network-with-nmap/
-1727-Hacking Metasploitable : Scanning and Banner grabbing:
-1728-Penetration Testing of an FTP Server:
-1729-Nmap Usage & Cheet-Sheet:
https://aerroweb.wordpress.com/2018/03/14/namp-cheat-sheet/
-1730-Discovering SSH Host Keys with NMAP:
-1731-Banner Grabbing using Nmap & NetCat - Detailed Explanation:
https://techincidents.com/banner-grabbing-using-nmap-netcat
-1732-Nmap – (Vulnerability Discovery):
-1733-Penetration Testing on MYSQL (Port 3306):
-1774-Password Spraying - Infosec Resources :
https://resources.infosecinstitute.com/password-spraying/
-1775-Password Spraying- Common mistakes and how to avoid them:
-1776-Password Spraying Tutorial:
-1777-password spraying Archives:
https://www.blackhillsinfosec.com/tag/password-spraying/
-1778-The 21 Best Email Finding Tools::
https://beamery.com/blog/find-email-addresses
-1779-OSINT Primer: People (Part 2):
https://0xpatrik.com/osint-people/
-1780-Discovering Hidden Email Gateways with OSINT Techniques:
-1781-Top 20 Data Reconnaissance and Intel Gathering Tools :
https://securitytrails.com/blog/top-20-intel-tools
-1782-101+ OSINT Resources for Investigators [2019]:
-1783-Digging Through Someones Past Using OSINT:
-1784-Gathering Open Source Intelligence:
-1785-How to Locate the Person Behind an Email Address:
-1786-Find hacked email addresses and check breach mails:
-1787-A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password :
-1788-Top 10 OSINT Tools/Sources for Security Folks:
www.snoopysecurity.github.io/osint/2018/08/02/10_OSINT_for_security_folks.html
-1789-Top 5 Open Source OSINT Tools for a Penetration Tester:
https://www.breachlock.com/top-5-open-source-osint-tools/
-1790-Open Source Intelligence tools for social media: my own list:
-1791-Red Teaming: I can see you! Insights from an InfoSec expert :
https://www.perspectiverisk.com/i-can-see-you-osint/
-1792-OSINT Playbook for Recruiters:
https://amazinghiring.com/osint-playbook/
-1793- Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking:
-1794-Open Source Intelligence Gathering 201 (Covering 12 additional techniques):
-1795-Online Investigative Tools for Social Media Discovery and Locating People:
-1796-Expanding Skype Forensics with OSINT: Email Accounts:
-1798-2019 OSINT Guide:
https://www.randhome.io/blog/2019/01/05/2019-osint-guide/
-1799-OSINT - Passive Recon and Discovery of Assets:
-1800-OSINT With Datasploit:
https://dzone.com/articles/osint-with-datasploit
-1801-Building an OSINT Reconnaissance Tool from Scratch:
-1802-Find Identifying Information from a Phone Number Using OSINT Tools:
-1803-Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step):
-1804-Investigative tools for finding people online and keeping yourself safe:
-1805- Full text of "The Hacker Playbook 2 Practical Guide To Penetration Testing By Peter Kim":
-1806-The Internet Archive offers over 15,000,000 freely downloadable books and texts. There is also a collection of 550,000 modern eBooks that may be borrowed by anyone with a free archive.org account:
https://archive.org/details/texts?and%5B%5D=hacking&sin=
-1807-Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!:
-1808-How to Pass OSCP Like Boss:
-1809-Deploy a private Burp Collaborator Server in Azure:
-1810-Using Shodan Better Way! :):
-1811-How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty:
-1812-How we got LFI in apache Drill (Recon like a boss)::
-1813-Chaining Self XSS with UI Redressing is Leading to Session Hijacking:
-1814-Week in OSINT #2019–19:
-1814-Week in OSINT #2019–02:
-1815-Week in OSINT #2019–24:
-1816-Page Admin Disclosure | Facebook Bug Bounty 2019:
-1817-XSS in Edmodo within 5 Minute (My First Bug Bounty):
-1818-Collection Of Bug Bounty Tip-Will Be updated daily:
-1819-A Unique XSS Scenario in SmartSheet || $1000 bounty.:
-1820-How I found a simple bug in Facebook without any Test:
-1821-Facebook BugBounty — Disclosing page members:
-1822-Don’t underestimates the Errors They can provide good $$$ Bounty!:
-1823-Django and Web Security Headers:
-1824-Weaponising Staged Cross-Site Scripting (XSS) Payloads:
-1825-How I was able to Bypass XSS Protection on HackerOne’s Private Program:
-1826-XSS in Microsoft subdomain:
-1827-How Angular Protects Us From XSS Attacks?:
-1828-[FUN] Bypass XSS Detection WAF:
-1829-Bug Hunting Methodology(Part-2):
-1830-Learn Web Application Penetration Testing:
-1831-“Exploiting a Single Parameter”:
-1832-CORS To CSRF Attack:
https://blog.usejournal.com/cors-to-csrf-attack-c33a595d441
-1833-Account Takeover Using CSRF(json-based):
-1834-Bypassing Anti-CSRF with Burp Suite Session Handling:
https://bestestredteam.com/tag/anti-csrf/
-1835-10 Methods to Bypass Cross Site Request Forgery (CSRF):
-1836-Exploiting CSRF on JSON endpoints with Flash and redirects:
https://medium.com/p/681d4ad6b31b
-1837-Finding and exploiting Cross-site request forgery (CSRF):
-1838-Hacking Facebook accounts using CSRF in Oculus-Facebook integration:
-1839-Synchronizer Token Pattern: No more tricks:
https://medium.com/p/d2af836ccf71
-1840-The $12,000 Intersection between Clickjacking, XSS, and Denial of Service:
-1841-XML External Entity(XXE):
-1842-XXE Attacks— Part 1: XML Basics:
-1843-From XXE to RCE with PHP/expect — The Missing Link:
-1844-My first XML External Entity (XXE) attack with .gpx file:
-1845-Open Redirects & Security Done Right!:
-1846-XXE on Windows system …then what ??:
-1847-Unauthenticated Blind SSRF in Oracle EBS CVE-2018-3167:
-1848-SVG XLink SSRF fingerprinting libraries version:
-1849-What is XML Injection Attack:
-1850-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:
-1851-Penetration Testing Introduction: Scanning & Reconnaissance:
-1852-Beginner’s Guide to recon automation.:
-1853-Red Teamer’s Guide to Pulse Secure SSL VPN:
-1854-CVE-2019-15092 WordPress Plugin Import Export Users = 1.3.0 - CSV Injection:
-1855-How I harvested Facebook credentials via free wifi?:
-1856-How to hack any Payment Gateway?:
-1857-How I hacked into my neighbour’s WiFi and harvested login credentials?:
-1858-What do Netcat, SMTP and self XSS have in common? Stored XSS:
-1859-1-Click Account Takeover in Virgool.io — a Nice Case Study:
-1860-Digging into Android Applications — Part 1 — Drozer + Burp:
-1861-Linux for Pentester: APT Privilege Escalation:
-1862-Linux for Pentester : ZIP Privilege Escalation:
-1863-Koadic - COM Command & Control Framework:
-1864-Configure Sqlmap for WEB-GUI in Kali Linux :
-1865-Penetration Testing:
https://www.hackingarticles.in/Penetration-Testing
-1866-Buffer Overflow Examples, Code execution by shellcode :
https://0xrick.github.io/binary-exploitation/bof5
-1867-Dynamic Shellcode Execution:
https://www.countercept.com/blog/dynamic-shellcode-execution
-1868-JSC Exploits:
-1869-Injecting Into The Hunt:
https://jsecurity101.com/2019/Injecting-Into-The-Hunt
-1870-Bypassing Antivirus with Golang:
-1871-Windows Process Injection: Print Spooler:
-1872-Inject Shellcode Into Memory Using Unicorn :
-1873-Macros and More with SharpShooter v2.0:
-1874-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example:
https://www.guru99.com/fuzz-testing
-1875-Introduction to File Format Fuzzing & Exploitation:
-1876-Hacking a social media account and safeguarding it:
-1877-OTP Bypass on India’s Biggest Video Sharing Site:
-1879-Getting Root on macOS via 3rd Party Backup Software:
-1880-How to Enumerate MYSQL Database using Metasploit:
-1881-Exploiting Insecure Firebase Database!
-1882-Penetration Testing - Complete Guide:
https://softwaretestinghelp.com/penetration-testing-guide
-1883-How To Upload A PHP Web Shell On WordPress Site:
-1884-Mimikatz tutorial: How it hacks Windows passwords, credentials:
-1885-Ethical hacking: Lateral movement techniques:
-1886-A Pivot Cheatsheet for Pentesters:
http://nullsweep.com/pivot-cheatsheet-for-pentesters
-1887-What to Look for When Reverse Engineering Android Apps:
-1888-Modlishka: Advance Phishing to Bypass 2 Factor Auth:
http://crackitdown.com/2019/02/modlishka-kali-linux.html
-1889-Bettercap Usage Examples (Overview, Custom setup, Caplets ):
www.cyberpunk.rs/bettercap-usage-examples-overview-custom-setup-caplets
-1890-The Complete Hashcat Tutorial:
https://ethicalhackingguru.com/the-complete-hashcat-tutorial
-1891-Wireless Wifi Penetration Testing Hacker Notes:
-1892-#BugBounty writeups:
https://pentester.land/list-of-bug-bounty-writeups.html
-1893-Kerberoasting attack:
https://en.hackndo.com/kerberoasting
-1894-A Pentester's Guide - Part 2 (OSINT - LinkedIn is not just for jobs):
-1895-Radare2 cutter tutorial:
http://cousbox.com/axflw/radare2-cutter-tutorial.html
-1896-Cracking Password Hashes with Hashcat:
-1897-From CSRF to RCE and WordPress-site takeover CVE-2020-8417:
http://blog.wpsec.com/csrf-to-rce-wordpress
-1898-Best OSINT Tools:
http://pcwdld.com/osint-tools-and-software
-1899-Metasploit Exploitation Tool 2020:
http://cybervie.com/blog/metasploit-exploitation-tool
-1900-How to exploit CVE-2020-7961:
-1901-PowerShell for Pentesters:
https://varonis.com/blog/powershell-for-pentesters
-1902-Android Pentest Tutorial:
-1903-Burp Suite Tutorial:
https://pentestgeek.com/web-applications/burp-suite-tutorial-1
-1904-Company Email Enumeration + Breached Email Finder:
-1905-Kali Linux Cheat Sheet for Penetration Testers:
https://github.com/NoorQureshi/kali-linux-cheatsheet
-1906-Active Directory Exploitation Cheat Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
-1907-Advanced Hacking Tutorials Collection:
https://yeahhub.com/advanced-hacking-tutorials-collection
-1908-Persistence – DLL Hijacking:
https://pentestlab.blog/2020/03/04/persistence-dll-hijacking
-1909-Brute force and dictionary attacks: A cheat sheet:
-1910-How to use Facebook for Open Source Investigation:
-1911-tcpdump Cheat Sheet:
https://comparitech.com/net-admin/tcpdump-cheat-sheet
-1912-Windows Post exploitation recon with Metasploit:
-1913-Bug Hunting Methodology:
-1914-Malware traffic analysis tutorial:
-1915-Recon-ng v5 Tutorial:
https://geekwire.eu/recon-ng-v5-tutorial
-1916-Windows and Linux Privilege Escalation Tools:
-1917-Total OSCP Guide:
https://sushant747.gitbooks.io/total-oscp-guide
-1918-Phishing Windows Credentials:
https://pentestlab.blog/2020/03/02/phishing-windows-credentials
-1919-Getting What You're Entitled To: A Journey Into MacOS Stored Credentials:
-1920-Recent Papers Related To Fuzzing:
https://wcventure.github.io/FuzzingPaper
-1921-Web Shells 101 Using PHP (Web Shells Part 2):
-1922-Python3 reverse shell:
https://polisediltrading.it/hai6jzbs/python3-reverse-shell.html
-1923-Reverse Shell between two Linux machines:
https://yeahhub.com/reverse-shell-linux-machines
-1924-Tutorial - Writing Hardcoded Windows Shellcodes (32bit):
-1925-How to Use Wireshark: Comprehensive Tutorial + Tips:
https://varonis.com/blog/how-to-use-wireshark
-1926-How To Use PowerShell for Privilege Escalation with Local Privilege Escalation?
-1927-Ethical hacking:Top privilege escalation techniques in Windows:
-1928-How to Identify Company's Hacked Email Addresses:
-1929-Android APK Reverse Engineering: What's in an APK:
-1930-Keep Calm and HackTheBox - Beep:
https://freecodecamp.org/news/keep-calm-and-hack-the-box-beep/
-1931-Keep Calm and HackTheBox -Legacy:
-1932-Keep Calm and HackTheBox -Lame:
https://freecodecamp.org/news/keep-calm-and-hack-the-box-lame/
-1933-HacktheBox:Writeup Walkthrough:
https://hackingarticles.in/hack-the-box-writeup-walkthrough
-1934-2020 OSCP Exam Preparation:
-1935-My OSCP transformation:
https://kevsec.fr/journey-to-oscp-2019-write-up
-1936-A Detailed Guide on OSCP Preparation:
-1937-Useful Commands and Tools - #OSCP:
https://yeahhub.com/useful-commands-tools-oscp/
-1938-Comprehensive Guide on Password Spraying Attack
-1939-Privilege Escalation:
https://pentestlab.blog/category/privilege-escalation/
-1940-Red Team:
https://pentestlab.blog/category/red-team/
-1941-Linux post-exploitation.Advancing from user to super-user in a few clicks
https://hackmag.com/security/linux-killchain/
-1942--#BugBounty Cheatsheet
https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html
-1943--#Windows Notes/Cheatsheet
-1944-#Linux Notes/Cheatsheet
-1945-Windows Notes
https://mad-coding.cn/tags/Windows/
-1946-#BlueTeam CheatSheet
-1947-Linux Privilege Escalation Cheatsheet for OSCP:
-1948-Shodan Pentesting Guide:
https://community.turgensec.com/shodan-pentesting-guide
-1949-Pentesters Guide to PostgreSQL Hacking:
-1950-Hacking-OSCP cheatsheet:
https://ceso.github.io/posts/2020/04/hacking/oscp-cheatsheet/
-1951-A Comprehensive Guide to Breaking SSH:
https://community.turgensec.com/ssh-hacking-guide
-1952-Windows Privilege Escalation Methods for Pentesters:
-1953-Best #firefox addons for #Hacking:
https://twitter.com/cry__pto/status/1210836734331752449
-1954-S3 Bucket Enumeration Tools:
https://twitter.com/cry__pto/status/1269862357645307904
-1955-Github Recon Tools:
https://twitter.com/cry__pto/status/1269362041044832257
-1956-i created this group for more in depth sharing about hacking and penetration testing /daily posts: you can join:
https://facebook.com/groups/AmmarAmerHacker
-1957-Directory Bruteforcing Tools: && SCREENSHOTTING Tools:
https://twitter.com/cry__pto/status/1270603017256124416
-1958-S3 Bucket Enumeration Tools:
https://twitter.com/cry__pto/status/1269862357645307904
-1959-Github Recon Tools:
https://twitter.com/cry__pto/status/1269362041044832257
-1960-Website Mirroring Tools:
https://twitter.com/cry__pto/status/1248640849812078593
-1961-automated credential discovery tools:
https://twitter.com/cry__pto/status/1253214720372465665
-1962-Antiforensics Techniques:
https://twitter.com/cry__pto/status/1215001674760294400
-1963-#bugbounty tools part (1):
https://twitter.com/cry__pto/status/1212096231301881857
1964-Binary Analysis Frameworks:
https://twitter.com/cry__pto/status/1207966421575184384
-1965-#BugBounty tools part (5):
https://twitter.com/cry__pto/status/1214850754055458819
-1966-#BugBounty tools part (3):
https://twitter.com/cry__pto/status/1212290510922158080
-1967-Kali Linux Commands List (Cheat Sheet):
https://twitter.com/cry__pto/status/1264530546933272576
-1968-#BugBounty tools part (4):
https://twitter.com/cry__pto/status/1212296173412851712
-1969--Automated enumeration tools:
https://twitter.com/cry__pto/status/1214919232389099521
-1970-DNS lookup information Tools:
https://twitter.com/cry__pto/status/1248639962746105863
-1971-OSCP:
https://twitter.com/cry__pto/status/1262089078339756032
-1972-Social Engineering Tools:
https://twitter.com/cry__pto/status/1180731438796333056
-1973-Hydra :
https://twitter.com/cry__pto/status/1247507926807449600
-1974-#OSINT Your Full Guide:
https://twitter.com/cry__pto/status/1244433669936349184
-1975-#BugBounty tools part (2):
https://twitter.com/cry__pto/status/1212289852059860992
-1976-my own ebook library:
https://twitter.com/cry__pto/status/1239308541468516354
-1977-Practice part (2):
https://twitter.com/cry__pto/status/1213165695556567040
-1978-Practice part (3):
https://twitter.com/cry__pto/status/1214220715337097222
-1979-my blog:
https://twitter.com/cry__pto/status/1263457516672954368
-1980-Practice:
https://twitter.com/cry__pto/status/1212341774569504769
-1981-how to search for XSS without proxy tool:
https://twitter.com/cry__pto/status/1252558806837604352
-1982-How to collect email addresses from search engines:
https://twitter.com/cry__pto/status/1058864931792138240
-1983-Hacking Tools Cheat Sheet:
https://twitter.com/cry__pto/status/1255159507891687426
-1984-#OSCP Your Full Guide:
https://twitter.com/cry__pto/status/1240842587927445504
-1985-#HackTheBox Your Full Guide:
https://twitter.com/cry__pto/status/1241481478539816961
-1986-Web Scanners:
https://twitter.com/cry__pto/status/1271826773009928194
-1987-HACKING MAGAZINES:
-1-2600 — The Hacker Quarterly magazine:www.2600.com
-2-Hackin9:http://hakin9.org
-3-(IN)SECURE magazine:https://lnkd.in/grNM2t8
-4-PHRACK:www.phrack.org/archives
-5-Hacker’s Manual 2019
-1988-Web Exploitation Tools:
https://twitter.com/cry__pto/status/1272778056952885249
-1989-Kali Linux Cheat Sheet for Hackers:
https://twitter.com/cry__pto/status/1272792311236263937
-1990-Web Exploitation Tools:
https://twitter.com/cry__pto/status/1272778056952885249
-1991-2020 OSCP Exam Preparation + My OSCP transformation +A Detailed Guide on OSCP Preparation + Useful Commands and Tools - #OSCP:
https://twitter.com/cry__pto/status/1262089078339756032
-1992-100 Best Hacking Tools for Security Professionals in 2020:
https://gbhackers.com/hacking-tools-list/
-1993-SNMP Enumeration:
OpUtils:www.manageengine.com
SNMP Informant:www.snmp-informant.com
SNMP Scanner:www.secure-bytes.com
SNMPUtil:www.wtcs.org
SolarWinds:www.solarwinds.com
-1994-INFO-SEC RELATED CHEAT SHEETS:
https://twitter.com/cry__pto/status/1274768435361337346
-1995-METASPLOIT CHEAT SHEET:
https://twitter.com/cry__pto/status/1274769179548278786
-1996-Nmap Cheat Sheet, plus bonus Nmap + Nessus:
https://twitter.com/cry__pto/status/1275359087304286210
-1997-Wireshark Cheat Sheet - Commands, Captures, Filters, Shortcuts & More:
https://twitter.com/cry__pto/status/1276391703906222080
-1998-learn penetration testing a great series as PDF:
https://twitter.com/cry__pto/status/1277588369426526209
-1999-Detecting secrets in code committed to Gitlab (in real time):
https://www.youtube.com/watch?v=eCDgUvXZ_YE
-2000-Penetration Tester’s Guide to Evaluating OAuth 2.0 — Authorization Code Grants:
-2001-Building Virtual Machine Labs:
-2002-Windows Kernel Exploit Cheat Sheet for [HackTheBox]:
https://kakyouim.hatenablog.com/entry/2020/05/27/010807
-2003-19 Powerful Penetration Testing Tools In 2020 (Security Testing Tools):
https://softwaretestinghelp.com/penetration-testing-tools/
-2004-Full Connect Scan (-sT):
-complete the three-way handshake
-slower than SYN scan
-no need for superuser Privileges
-when stealth is not required
-to know for sure which port is open
-when running port scan via proxies like TOR
-it can be detected
nmap -sT -p 80 192.168.1.110
-2005-today i learned that you can use strings command to extract email addresses from binary files:
strings -n 8 /usr/bin/who | grep '@'
-2005-pentest cheat sheet :
-2006-Tcpdump cheat sheet :
https://gist.github.com/jforge/27962c52223ea9b8003b22b8189d93fb
-2007-tcpdump - reading tcp flags :
https://gist.github.com/tuxfight3r/9ac030cb0d707bb446c7
-2008-CTF-Notes - Hackers Resources Galore:
https://github.com/TheSecEng/CTF-notes
-2009-Pentest-Cheat-Sheets:
https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
-2010--2-Web Application Cheatsheet (Vulnhub):
-2011-A cheatsheet with commands that can be used to perform kerberos attacks :
-2012-Master Shodan Search Engine:
-2013-CTF Cheatsheet:
https://github.com/uppusaikiran/awesome-ctf-cheatsheet
-2014-Pentesting Cheatsheet:
-2015-Hacking Cheatsheet:
https://github.com/kobs0N/Hacking-Cheatsheet
-2016-Hashcat-Cheatsheet:
https://github.com/frizb/Hashcat-Cheatsheet
-2017-Wireshark Cheat Sheet:
https://github.com/security-cheatsheet/wireshark-cheatsheet
-2018-JustTryHarder:
https://github.com/sinfulz/JustTryHarder
-2019-PWK-CheatSheet:
https://github.com/ibr2/pwk-cheatsheet
-2020-kali linux cheatsheet:
https://github.com/NoorQureshi/kali-linux-cheatsheet
-2021-Hydra-Cheatsheet:
https://github.com/frizb/Hydra-Cheatsheet
-2022-Security Tools Cheatsheets:
https://github.com/jayeshjodhawat
-2023-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit:
-2024-TRICKS FOR WEAPONIZING XSS:
https://www.trustedsec.com/blog/tricks-for-weaponizing-xss/
-2025-OSCP Notes:
https://github.com/tbowman01/OSCP-PWK-Notes-Public
-2026-OSCP Notes:
https://github.com/Technowlogy-Pushpender/oscp-notes
-2027-list of useful commands, shells and notes related to OSCP:
https://github.com/s0wr0b1ndef/OSCP-note
-2028-Notes for taking the OSCP in 2097:
https://github.com/dostoevskylabs/dostoevsky-pentest-notes
-2029-My OSCP notes:
https://github.com/tagnullde/OSCP
-2030-Discover Blind Vulnerabilities with DNSObserver: an Out-of-Band DNS Monitor
https://www.allysonomalley.com/2020/05/22/dnsobserver/
-2031-Red Team Notes:
https://dmcxblue.gitbook.io/red-team-notes/
-2032-Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format:
-2033-ESCALATING SUBDOMAIN TAKEOVERS TO STEAL COOKIES BY ABUSING DOCUMENT.DOMAIN:
-2034-[SSTI] BREAKING GO'S TEMPLATE ENGINE TO GET XSS:
-2035-Metasploitable 3:
https://kakyouim.hatenablog.com/entry/2020/02/16/213616
-2036-Reverse engineering and modifying an Android game:
-2037-Reverse Engineering The Medium App (and making all stories in it free):
-2038-Android Apk Reverse Engineering:
-2039-DIY Web App Pentesting Guide:
-2040-Local Admin Access and Group Policy Don’t Mix:
-2041-BREAKING TYPICAL WINDOWS HARDENING IMPLEMENTATIONS:
-2042-Decrypting ADSync passwords - my journey into DPAPI:
https://o365blog.com/post/adsync/
-2043-Ultimate Guide: PostgreSQL Pentesting:
-2044-SMB Enumeration for Penetration Testing:
-2045-(Almost) All The Ways to File Transfer:
-2046-HackTheBox TartarSauce Writeup:
https://kakyouim.hatenablog.com/entry/2020/05/14/230445
-2047-Kerberos-Attacks-In-Depth:
https://m0chan.github.io/Kerberos-Attacks-In-Depth
-2048-From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration:
-2049-Writeups for infosec Capture the Flag events by team Galaxians:
https://github.com/shiltemann/CTF-writeups-public
-2050-Angstrom CTF 2018 — web challenges [writeup]:
-2051-How to get started in CTF | Complete Begineer Guide:
-2052-Hacking 101: An Ethical Hackers Guide for Getting from Beginner to Professional:
-2053-Reconnaissance the key to Ethical Hacking!:
-2054-Day 18: Essential CTF Tools:
-2055-OSCP Cheatsheet:
https://medium.com/oscp-cheatsheet/oscp-cheatsheet-6c80b9fa8d7e
-2056-OSCP Cheat Sheet:
https://medium.com/@cymtrick/oscp-cheat-sheet-5b8aeae085ad
-2057-TryHackMe: vulnversity:
-2058-Malware Analysis Tools And Resources:
-2059-Extracting Embedded Payloads From Malware:
-2060-Attacks and Techniques Used Against WordPress Sites:
-2061-Still Scanning IP Addresses? You’re Doing it Wrong:
-2062-Source Code Disclosure via Exposed .git Folder:
-2063-GitHub Recon - It’s Really Deep:
-2064-From SSRF to Compromise: Case Study:
-2065-Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case:
-2066-Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability:
-2067-Avoiding detection via dhcp options:
-2068-Bug Bytes #86 - Stealing local files with Safari, Prototype pollution vs HTML sanitizers & A hacker’s mom learning bug bounty:
-2069-Bug Bytes #78 - BIG-IP RCE, Azure account takeover & Hunt scanner is back:
-2070-Hacking a Telecommunication company(MTN):
-2071-$20000 Facebook DOM XSS:
https://vinothkumar.me/20000-facebook-dom-xss/
-2072-Backdooring WordPress with Phpsploit:
https://blog.wpsec.com/backdooring-wordpress-with-phpsploit/
-2073-Pro tips for bugbounty:
-2074-Collection Of #bugbountytips:
-2075-Offensive Netcat/Ncat: From Port Scanning To Bind Shell IP Whitelisting:
-2076-XSS for beginners:
https://medium.com/swlh/xss-for-beginners-6752b1b1487d
-2077-LET’S GO DEEP INTO OSINT: PART 1:
medium.com/bugbountywriteup/lets-go-deep-into-osint-part-1-c2de4fe4f3bf
-2087-Beginner’s Guide to recon automation:
medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb
-2079-Automating Recon:
https://medium.com/@amyrahm786/automating-recon-28b36dc2cf48
-2080-XSS WAF & Character limitation bypass like a boss:
-2081-Chaining Improper Authorization To Race Condition To Harvest Credit Card Details : A Bug Bounty Story:
-2082-TryHackMe Linux Challenges:
-2083-Persistence – COM Hijacking:
https://pentestlab.blog/2020/05/20/persistence-com-hijacking/
-2084-DLL Proxy Loading Your Favourite C# Implant
-2085-how offensive actors use applescript for attacking macos:
-2086-Windows Privilege Escalation without Metasploit
-2087-Privilege Escalation in Windows:
-2088-OSWE Prep — Hack The Box Magic:
-2089-Hackthebox | Bastion Writeup:
-2090-Hacking Android phone remotely using Metasploit:
-2091-“Hacking with Metasploit” Tutorial:
-2092-Hack The Box — Tally Writeup w/o Metasploit:
-2093-Burp Suite:
-2094-h1–702 CTF — Web Challenge Write Up:
-2095-SQL Injection & Remote Code Execution:
-2096-Juicy Infos hidden in js scripts leads to RCE :
-2097-Escalating Privileges like a Pro:
https://gauravnarwani.com/escalating-privileges-like-a-pro/
-2098-Top 16 Active Directory Vulnerabilities:
-2099-Windows Red Team Cheat Sheet:
-2100-OSCP: Developing a Methodology:
-2101-Zero to OSCP: Concise Edition:
-2102-59 Hosts to Glory — Passing the OSCP:
-2103-Can We Automate Bug Bounties With Wfuzz?
medium.com/better-programming/can-we-automate-earning-bug-bounties-with-wfuzz-c4e7a96810a5
-2104-Advanced boolean-based SQLi filter bypass techniques:
https://www.secjuice.com/advanced-sqli-waf-bypass/
-2105-Beginners Guide On How You Can Use Javascript In BugBounty:
-2106-OTP Bypass:
medium.com/bugbountywriteup/otp-bypass-on-indias-biggest-video-sharing-site-e94587c1aa89
-2107-How we Hijacked 26+ Subdomains:
-2018-How to spot and exploit postMessage vulnerablities:
-2119-IDA Pro Tips to Add to Your Bag of Tricks:
https://swarm.ptsecurity.com/ida-pro-tips/
-2120-N1QL Injection: Kind of SQL Injection in a NoSQL Database:
-2121-CSRF Protection Bypass in Play Framework:
-2122-$25K Instagram Almost XSS Filter Link — Facebook Bug Bounty:
-2123-techniques for learning passwords:
-2124-How a simple CSRF attack turned into a P1:
-2125-How I exploited the json csrf with method override technique:
-2126-How I found CSRF(my first bounty):
-2127-Exploiting websocket application wide XSS and CSRF:
-2128-Touch ID authentication Bypass on evernote and dropbox iOS apps:
-2129-Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect:
-2130-Two factor authentication bypass:
https://gauravnarwani.com/two-factor-authentication-bypass/
-2132-Tricky oracle SQLI situation:
-2133-CORS bug on google’s 404 page (rewarded):
-2134-Subdomain takeover via unsecured s3 bucket:
-2135-Subdomain takeover via wufoo service:
-2136-How I found CSRF(my first bounty):
-2137-Race condition that could result to RCE a story with an app:
-2138-Creating thinking is our everything : Race condition and business logic:
-2139-Chaining improper authorization to Race condition to harvest credit card details:
-2140-Google APIs Clickjacking worth 1337$:
-2141-Bypass CSRF with clickjacking on Google org:
-2142-2FA Bypass via logical rate limiting Bypass:
-2143-OTP bruteforce account takeover:
-2144-Microsoft RCE bugbounty:
-2145-Bug Bounty Tips #1:
https://www.infosecmatter.com/bug-bounty-tips-1/
-2146-Bug Bounty Tips #2:
https://www.infosecmatter.com/bug-bounty-tips-2-jun-30/
-2147-Bug Bounty Tips #3:
https://www.infosecmatter.com/bug-bounty-tips-3-jul-21/
-2148-Bug Bounty Tips #4:
https://www.infosecmatter.com/bug-bounty-tips-4-aug-03/
-2149-Bug Bounty Tips #5:
https://www.infosecmatter.com/bug-bounty-tips-5-aug-17/
-2150-Bug Bounty Tips #6:
https://www.infosecmatter.com/bug-bounty-tips-6-sep-07/
-2151-Finding Bugs in File Systems with an Extensible Fuzzing Framework ﴾TOS 2020﴿:
-2152-PeriScope: An Effective Probing and Fuzzing Framework for the Hardware‐OS Boundary ﴾NDSS2019﴿:
-2153-Bug Bounty Tips #7:
https://www.infosecmatter.com/bug-bounty-tips-7-sep-27/
-2154-Fuzzing: Hack, Art, and Science ﴾CACM 2020﴿:
-2155-Azure File Shares for Pentesters:
https://blog.netspi.com/azure-file-shares-for-pentesters/
-2156-XSS like a Pro:
https://www.hackerinside.me/2019/12/xss-like-pro.html
-2157-XSS on Cookie Pop-up Warning:
https://vict0ni.me/bug-hunting-xss-on-cookie-popup-warning/
-2158-Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty:
-2159-XSS in Zoho Mail:
https://www.hackerinside.me/2019/09/xss-in-zoho-mail.html
-2160-Overview Of Empire 3.4 Features:
-2161-Android App Source code Extraction and Bypassing Root and SSL Pinning checks:
https://vj0shii.info/android-app-testing-initial-steps/
-2162-The 3 Day Account Takeover:
-2163-A Review of Fuzzing Tools and Methods:
https://wcventure.github.io/FuzzingPaper/Paper/2017_review.pdf
-2164-PeriScope: An Effective Probing and Fuzzing Framework for the Hardware‐OS Boundary ﴾NDSS2019﴿:
-2165-Oneplus XSS vulnerability in customer support portal:
-2166-Windows-Privilege-Escalation-Resources:
-2167-Persistence – DLL Hijacking:
https://pentestlab.blog/page/5/
-2168-Scanning JS Files for Endpoints and Secrets:
-2169-Password Spraying Secure Logon for F5 Networks:
-2170-Password Spraying Dell SonicWALL Virtual Office:
-2171-Attention to Details : Finding Hidden IDORs:
-2172-Bypassing file upload filter by source code review in Bolt CMS:
https://stazot.com/boltcms-file-upload-bypass/
-2173-HTB{ Giddy }:
-2174-Analyzing WhatsApp Calls with Wireshark, radare2 and Frida:
-2175-2FA bypass via CSRF attack:
-2176-CSRF token bypass [a tale of 2k bug]:
-2177-Setting the ‘Referer’ Header Using JavaScript:
-2178-Bug Bytes #91 - The shortest domain, Weird Facebook authentication bypass & GitHub Actions secrets:
-2179-Stored XSS on Zendesk via Macro’s PART 2:
-2180-Azure Account Hijacking using mimikatz’s lsadump::setntlm:
-2181-CORS misconfiguration account takeover out of scope to grab items in scope:
-2182-Razzer: Finding Kernel Race Bugs through Fuzzing ﴾S&P 2019﴿:
https://wcventure.github.io/FuzzingPaper/Paper/SP19_Razzer.pdf
https://lifeasageek.github.io/papers/jeong-razzer-slides.pdf
-2183-Facebook Bug bounty : How I was able to enumerate instagram accounts who had enabled 2FA:
-2184-Bypass hackerone 2FA:
-2185-How I abused 2FA to maintain persistence after password recovery change google microsoft instragram:
-2186-How I hacked 40k user accounts of microsoft using 2FA bypass outlook:
-2187-How to bypass 2FA with a HTTP header:
-2188-Building a custom Mimikatz binary:
-2189-Self XSS to Good XSS:
-2190-DOM based XSS or why you should not rely on cloudflare too much:
-2191-Reading internal files using SSRF vulnerability:
-2192-Latest web hacking tools:
-2193-Cross-Site Scripting (XSS) Cheat Sheet - 2020 Edition:
-2194-Hijacking a Domain Controller with Netlogon RPC (aka Zerologon: CVE-2020-1472):
-2195-How I got 1200+ Open S3 buckets…!:
-2196-Open Sesame: Escalating Open Redirect to RCE with Electron Code Review:
-2197-When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number:
-2198-HTB{ Vault }:
-2199-HTB{ ellingson }:
-2200-HTB{ Swagshop }:
-2201-Evading Firewalls with Tunnels:
https://michiana-infosec.com/evading-firewalls-with-tunnels/
-2202-How to Geolocate Mobile Phones (or not):
-2203-Web application race conditions: It’s not just for binaries:
-2204-Two-Factor Authentication Bypass:
https://gauravnarwani.com/two-factor-authentication-bypass/
-2205-Proxies, Pivots, and Tunnels – Oh My! :
-2206-Let's Debug Together: CVE-2020-9992:
-2207-I Like to Move It: Windows Lateral Movement Part 3: DLL Hijacking:
-2208-Abusing Chrome's XSS auditor to steal tokens:
-2209-ModSecurity, Regular Expressions and Disputed CVE-2020-15598:
-2210-Bug Bounty Tips #8:
https://www.infosecmatter.com/bug-bounty-tips-8-oct-14/
-2211-IOS Pentesing Guide From A N00bs Perspective:
-2212-Bug Bytes #92 - Pwning Apple for three months, XSS in VueJS, Hacking Salesforce Lightning & Unicode byͥtes:
-2213-We Hacked Apple for 3 Months: Here’s What We Found:
https://samcurry.net/hacking-apple/
-2214-Breaking JCaptcha using Tensorflow and AOCR:
https://www.gremwell.com/breaking-jcaptcha-tensorflow-aocr
-2215-Bug Bytes #82 - Timeless timing attacks, Grafana SSRF, Pizza & Youtube delicacie:
-2216-Bug Bytes #71 – 20K Facebook XSS, LevelUp 0x06 &Naffy’s Notes:
-2217-Bug Bytes #90 - The impossible XSS, Burp Pro tips & A millionaire on bug bounty and meditation:
-2218-How to Find Vulnerabilities in Code: Bad Words:
-2219-Testing for WebSockets security vulnerabilities:
https://portswigger.net/web-security/websockets
-2220-Practical Web Cache Poisoning:
https://portswigger.net/research/practical-web-cache-poisoning
-2221-htb{ zipper }:
-2222-What is HTTP request smuggling? Tutorial & Examples:
https://portswigger.net/web-security/request-smuggling
-2223-When alert fails: exploiting transient events:
-2224-BugPoC LFI Challeng:
https://hipotermia.pw/bb/bugpoc-lfi-challenge
-2225-Misc CTF - Request Smuggling:
https://hg8.sh/posts/misc-ctf/request-smuggling/
-2226-403 to RCE in XAMPP:
https://www.securifera.com/blog/2020/10/13/403-to-rce-in-xampp/
-2227-Phone numbers investigation, the open source way:
-2228-Covert Web Shells in .NET with Read-Only Web Paths:
-2229-From Static Analysis to RCE:
https://blog.dixitaditya.com/from-android-app-to-rce/
-2230-GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty:
-2231-Signed Binary Proxy Execution via PyCharm:
-2232-Bug Bytes #93 - Discord RCE, Vulnerable HTML to PDF converters & DOMPurify bypass demystified :
-2233-Bug Bytes #94 - Breaking Symfony apps, Why Cyber Security is so hard to learn & how best to approach it:
-2234-Advanced Level Resources For Web Application Penetration Testing:
-2235-Pass-the-hash wifi:
https://sensepost.com/blog/2020/pass-the-hash-wifi/
-2236-HTML to PDF converters, can I hack them?:
-2237-Android adb reverse tethering mitm setup:
-2238-Typical Wi-Fi attacks:
https://splone.com/blog/2020/10/13/typical-wi-fi-attacks/
-2239-Burp suite “ninja moves”:
-2240-Razzer: Finding Kernel Race Bugs through Fuzzing ﴾S&P 2019﴿:
Paper:https://wcventure.github.io/FuzzingPaper/Paper/SP19_Razzer.pdf
Code:https://github.com/compsec-snu/razzer
Slides:https://lifeasageek.github.io/papers/jeong-razzer-slides.pdf
-2241-MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation ﴾USENIX Security2018﴿:
-2242-Sequence directed hybrid fuzzing ﴾SANER 2020﴿:
-2243-Open Source Intelligence Tools And Resources Handbook 2020:
-2244-How to Find IP Addresses Owned by a Company:
https://securitytrails.com/blog/identify-ip-ranges-company-owns
-2245-What is Banner Grabbing? Best Tools and Techniques Explained:
https://securitytrails.com/blog/banner-grabbing
-2246-Recon Methods Part 4 – Automated OSINT:
-2247-Forcing Firefox to Execute XSS Payloads during 302 Redirects:
https://www.gremwell.com/firefox-xss-302
-2248-HTB{ Frolic }:
-2249-Identifying Vulnerabilities in SSL/TLS and Attacking them:
-2250-My First Bug Bounty Reward:
-2251-2FA Bypass On Instagram Through A Vulnerable Endpoint:
-2252-Automating XSS using Dalfox, GF and Waybackurls:
-2253-Think Outside the Scope: Advanced CORS Exploitation Techniques:
-2254-Intro to CTFs. Resources, advice and everything else:
https://medium.com/bugbountywriteup/intro-to-ctfs-164a03fb9e60
-2255-PowerShell Commands for Pentesters:
-2256-31k$ SSRF in Google Cloud Monitoring led to metadata exposure:
-2257-NAT Slipstreaming:
https://samy.pl/slipstream/
-2258-How i got 7000$ in Bug-Bounty for my Critical Finding:
-2259-SQL Injection Payload List:
-2260-Taking over multiple user accounts:
-2261-Bug Bytes #98 - Imagemagick's comeback, Treasure trove of wordlists, Advent of Cyber & How to get more hours in your day:
-2262-How to get root on Ubuntu 20.04 by pretending nobody’s /home:
-2263-What is Shodan? Diving into the Google of IoT Devices:
https://securitytrails.com/blog/what-is-shodan
-2264-Purgalicious VBA: Macro Obfuscation With VBA Purging & OfficePurge:
https://github.com/fireeye/OfficePurge
-2265-Dynamic Invocation in .NET to bypass hooks:
-2266-NepHack Online CTF June 2020 Write-up:
-2268-Attacking SCADA Part II::
-2269-PENTESTING CHEATSHEET:
https://hausec.com/pentesting-cheatsheet
-2270-CVE-2020-16898 – Exploiting “Bad Neighbor” vulnerability:
http://blog.pi3.com.pl/?p=780
-2271-TShark Cheatsheet:
-2272-Exploiting a “Simple” Vulnerability – In 35 Easy Steps or Less!:
-2273-Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox:
-2274-Exploiting CVE-2020-0041 - Part 2: Escalating to root:
-2275-Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288):
-2276-Bug Bytes #99 – Bypassing bots and WAFs,JQ in Burp & Smarter JSON fuzzing and subdomain takeovers:
-2277-Digging secrets from git repositories by using truffleHog:
-2287-Apple Safari Pwn2Own 2018 Whitepaper:
-2288-DISSECTING APT21 SAMPLES USING A STEP-BY-STEP APPROACH:
-2289-MITRE ATT&CK T1082 System Information Discovery:
-2290-A simple and fast Wireshark tutorial:
-2291-Recon - My Way Or High Way:
-2292-Finding bugs at limited scope programs (Single Domain Websites):
-2293-Passive intelligence gathering techniques:
-2294-Android Pen-testing/Hunting 101:
-2295-All MITM attacks in one place:
https://github.com/Sab0tag3d/MITM-cheatsheet
-2296-From Recon to Optimizing RCE Results:
-2297-RCE on https://beta-partners.tesla.com due to CVE-2020-0618:
-2298-Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641:
-2299-Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass:
-2300-Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution:
-2301-1000$ for Open redirect via unknown technique [BugBounty writeup]:
-2302-Facebook SSRF:
-2303-Metasploit Tips and Tricks for HaXmas 2020:
-2304-SubDomain TakeOver ~ Easy WIN WIN:
-2305-Recon Methodology :
https://github.com/Quikko/Recon-Methodology
-2306-h1-212 CTF Writeup:
-2307-exploiting-second-order-blind-sql-injection:
-2308-hunting-on-the-go-install-nethunter-on-unsupported-devices:
-2309-$10,000 for a vulnerability that doesn’t exist:
-2310-Finding bugs on Chess.com:
-2311-Each and every request make sense:
-2312-Exploiting Max. Character Limitation:
-2313-API based IDOR to leaking Private IP address of 6000 businesses:
-2314-Facebook bug Bounty -Finding the hidden members of the Vivek ps private events:
-2315-IoT Vulnerability Assessment of the Irish IP Address Space:
-2316-Facebook bug bounty (500 USD) :A blocked fundraiser organizer would be unable to view or remove themselves from the fundraiser
-2317-This is how I was able to view anyone’s private email and birthday on Instagram:
-2138-My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection:
-2139-JavaScript analysis leading to Admin portal access:
-2140-SCADA hacker's toolset:
https://scadahacker.com/tools.html
-2141-red team phishing:
-2142-Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies:
-2143-Stored XSS in icloud.com:
-2144-20 Common Tools & Techniques Used by macOS Threat Actors & Malware:
-2145-Error-Based SQL Injection on a WordPress website and extract more than 150k user details:
-2146-Scope Based Recon Methodology: Exploring Tactics for Smart Recon:
-2147-Hail Frida!! The Universal SSL pinning bypass for Android applications:
-2148-Common Tools & Techniques Used By Threat Actors and Malware — Part I :
-2149-Common Tools & Techniques Used By Threat Actors and Malware — Part II:
-2150-Tools designed to automate phishing attacks that are intended to bypass 2FA:
evilginx2: https://lnkd.in/emMu_mN
Modlishka: https://lnkd.in/gvGc-kZ
KoiPhish: https://lnkd.in/dwzavJr
ReelPhish https://lnkd.in/gjs_aC8
CredSniper:https://lnkd.in/g-jzK4y
Muraena:https://lnkd.in/d2M53cs
-2151-Digital Forensic Tools
https://github.com/ivbeg/awesome-forensicstools/
-2152-Netcat Cheat Sheet:
-2153-Web App Hacking Methodology:
https://twitter.com/cry__pto/status/1374625813404999686
-2154-Penetration Testing MindMap:
https://twitter.com/cry__pto/status/1375170618501562368
-2155-Hacking Concept and Fundamentals:
https://twitter.com/cry__pto/status/1376615352466046976
-2156-Social Media Osint Tools:
https://twitter.com/cry__pto/status/1382323944833875970