No one who achieves success does so without acknowledging the help of others. The wise and confident acknowledge this help with gratitude. - Alfred North Whitehead
Links
Put on your reading glasses, pour some coffee and get to it!! This is a collection of links covering many many subjects. Never be so confident in yourself so as to think you can’t learn a thing or two from the work of others. Many thanks to "Security Aegis" and the community at large. As time passes I will add to this link-repository and I intend to create some video galleries as well. I should mention that these categories may not be perfectly organized but you should be able to find what you're looking for. Again, be patient and return from time to time for some more reading… and "Try Harder!!"...
There are a couple of people/organizations I would like to make special mention of:
Corelan G0tmi1k Offensive Security Exploit-db mr_me GreyHatHacker SecurityTube Exploit-Monday SkyLined & Cipher
- OSINT
- Media
- Labs
- Tools
- Web
Blogs
Carnal0wnage
McGrew Security
Blog | GNUCITIZEN
Darknet
spylogic.net
TaoSecurity
Room362.com
SIPVicious
PortSwigger.net
Blog - pentestmonkey.net
Jeremiah Grossman
omg.wtf.bbq.
Catch22
SkullSecurity
Metasploit
Security and Networking
Skeptikal.org
Digital Soapbox
tssci security
Blog - Gotham Digital Science
Reiners’ Weblog
Bernardo Damele A. G.
Laramies Corner
Attack and Defense Labs
Billy (BK) Rios
Common Exploits
extern blog SensePost;
Weapons of Mass Analysis
Exploit KB
Security Reliks
MadIrish.net
sirdarckcat
Reusable Security
Myne-us
www.notsosecure.com
SpiderLabs Anterior
Corelan Team | (corelanc0d3r)
DigiNinja
Home Of PaulDotCom Security Podcast
Attack Vector
deviating.net
Alpha One Labs
SmashingPasswords.com
wirewatcher
gynvael.coldwind//vx.log
Nullthreat Security
Archangel Amael's BT Tutorials
memset's blog
ihasomgsecurityskills
punter-infosec
Security Ninja
Security and risk
GRM n00bs
Kioptrix
::eSploit::
PenTestIT
Forums
BackTrack Forums
EliteHackers.info
InterN0T forum
Government Security
Hack This Site Forum
iExploit Hacking Forum
Security Override
bright-shadows.net
ethicalhacker.net
sla.ckers.org
Magazines
Video
The Hacker News Network
Security Tube
Irongeek -Hacking Illustrated
SecCon Archive
27c3-stream/releases/mkv
YouTube - ChRiStIaAn008's Channel
YouTube - HackingCons's Channel
Methodologies
Penetration Testing Framework
The Penetration Testing Standard
Web Application Security Consortium (WASC)
OWASP top 10
social-engineer.org
Presentations
OSINT - Social Networks
OSINT - Blogs, Message Boards
OSINT - Monitoring and Social Media
Tactical Information Gathering
Document metadata
Passive information gathering
People
spokeo.com - People Search
123people.com
Spoke.com - Business Directory
Business Network - Social Network for Business Professionals
ZoomInfo
Pipl - People Search
Free People Search by ZabaSearch!
Free People Finder and Company Search | SearchBug
Free People Search
Addictomatic: Inhale the Web
Real Time Search - Social Mention
EntityCube
yasni.com
Tweepz.com
TweepSearch
Glassdoor.com
Jigsaw Business Contact Directory
Full Text Search
TinEye Reverse Image Search
PeekYou
PicFog - Quick Image Search
Twapper Keeper - "We save tweets"
The Ultimates
Infrastructure
Netcraft Uptime Survey
SHODAN - Computer Search Engine
Domain Tools
Free online network utilities
http://hackerfantastic.com/
WHOIS and Reverse IP Service
MSN IP Search
SSL Labs
MyIPNeighbors
Google Hacking Database
Domain
net toolkit::index
IHS
Exploits / Advisories
The Exploit Database
.:[ packet storm ]:.
SecurityFocus
SecurityForest
NIST
OSVDB
SecDocs
Nullbyte.Org.IL
CVE
Secunia.com
CVE
Tools
netcat cheat sheet (ed skoudis)
nessus/nmap (older)
hping3 cheatsheet
Nmap 5 (new)
MSF, Fgdump, Hping
Metasploit meterpreter cheat sheet reference
Agile Hacking
Agile Hacking
Command Line Kung Fu
Directory Bruteforcing
The Grammar of WMIC
Kung Fu with WMIC
Windows CMD Commands
Command on mac
Syn: Command-Line Ninjitsu
WMIC
Hacking Without Tools
Pentesting Ninjitsu 1
Pentesting Ninjitsu 2
[PenTester Scripting]
windows-scripting-COM-tricks
Advanced-Command-Exploitation
OS / Scripts
IPv4 subnetting reference
All the Best Linux Cheat Sheets
SHELLdorado
Linux Survival
BashPitfalls
Rubular
Port-Numbers
CMD's for Windows administrators
Distributions
BackTrack Linux
Matriux
nUbuntu
Samurai Web Testing Framework
OWASP Live CD Project
Pentoo
Katana
KON-BOOT
Welcome to Linux From Scratch!
SUMO Linux
pentesting packages for ubuntu
BackBox Linux | Flexible Pentesting
ISO's / VM's
Web Security Dojo
OWASP Broken Web applications Project
Pentest Live CDs
NETinVM
:: moth ::
Metasploit: Introducing Metasploitable
Holynix pen-test distribution
WackoPico
LAMPSecurity
Hacking-Lab.com LiveCD
Virtual Hacking Lab
Badstore.net
Mutillidae: Vulnerable PHP Scripts
Damn Vulnerable Web App - DVWA
pWnOS
The ButterFly - Security Project
Vulnerable Soft.
OldApps.com
OldVersion.com
Web Application exploits
wavsep
OWASP SiteGenerator - OWASP
Hacme Books | McAfeeTools
Hacme Casino v1.0 | McAfee Tools
Hacme Shipping | McAfee Tools
Hacme Travel | McAfee Tools
Test Sites
Test Site
CrackMeBank Investments
http://zero.webappsecurity.com
acublog news
acuforum forums
Home of Acunetix Art
Altoro Mutual
NT OBJECTives
Exploitation Intro
it-sec-catalog
Myne-us: From 0x90 to 0x4c454554
Abysssec Security Research
Smash the Stack 2010
The Ethical Hacker Network
x9090's Blog
X86 Opcode Reference
Revercing
TiGa's IDA Video Tutorial Site
Binary Auditing
http://visi.kenshoto.com/
radare
Offensive Computing
Passwords / Hashes
Password Exploitation Class
Default Passwords Database
Sinbad Security Blog
Foofus Networking Services
LM/NTLM
MD5
Password Storage Locations
Online Hash Cracking
Requested MD5 Hash queue
Virus.Org
Default Password List
Electric Alchemy
Wordlists
"Crack Me If You Can" - DEFCON 2011
Packet Storm Word Lists
Passwords - SkullSecurity
Index of /passwd/passwords
Pass the Hash
psexec mitigation
crack-pass-hash
MitM
Introduction to dsniff
dsniff-n-mirror.pdf
dsniff.pdf
Techvibes.com
ECCE101.pdf
333.pdf
UC_Attacks_Ch3.pdf
cracking-air.pdf
bh-europe-03-valleri.pdf
Costa.pdf
defcon-17-hijacking_web_2.0.pdf
Live_Hacking.pdf
PasstheParcel-MITMGuide.pdf
2010JohnStrandKeynote.pdf
Ettercap_Spoof.pdf
EtterCap ARP Spoofing & Beyond.pdf
Fun With EtterCap Filters.pdf
The_Magic_of_Ettercap.pdf
arp_spoofing.pdf
Ettercap.pdf
ICTSecurity-2004-26.pdf
ettercap_Nov_6_2005-1.pdf
MadIrish.net
Thicknet
OSINT
Edge-Security - theHarvester
DNSTRACER man-page
Maltego 3
Metadata
document-metadata
[strike out]
ExifTool by Phil Harvey
Edge-Security - Metagoofil
Metadata Enumeration with FOCA
Google Hacking
Midnight Research Labs - SEAT
Google Hacking Diggity
dorkScan.py
Web
BeEF
BlindElephant
XSSer
RIPS
divineinvasion.net
Attack and Defense Labs
Browser Exploitation for Fun&Profit
sqid (SQL Injection Digger)
pinata-CSRF-tool
Clickjacker
unicode-fun.txt - Packet Storm
WebService-Attacker
Attack Strings
fuzzdb
OWASP Fuzzing Code Database
Shells
SourceForge.net: Yokoso!
AJAX/PHP Command Shell
Scanners
w3af
skipfish
sqlmap: automatic SQL injection tool
SQID - SQL Injection digger
XSSscan - Packetstormsecurity
WindowsAttack - fimap
fm-fsf
Websecurify
Arachni
rfiscan - Packet Storm
lfi-rfi2 - Packet Storm
inspathx - Path Disclosure
DotDotPwn - Packet Storm
Burp
credentials-discovery
Constricting the Web
Browse Belch
Burp Suite Tutorial
w3af in burp
Attack and Defense Labs
burp suite tutorial
SensePost - reDuh
OWASP WebScarab NG Project
Mallory
Fiddler Web Debugger
Watcher: Web security testing tool
X5S
koto/squid-imposter - GitHub
Social Engineering
Passwords
Ncrack
Medusa
JTR
hashcat
Ophcrack
keimpx in action | 0x3f
keimpx - Project Hosting on Google Code
hashkill
Metasploit
markremark: Reverse Pivots
WmapNikto - msf-hack
markremark
Metasploit Mailing List
PaulDotCom: Archives
OpenSSH-Script
Metasploit: Automation
561
Deploying Metasploit as a Payload
Metasploit/MeterpreterClient
SecTor 2010 - HD Moore
XLSinjector
Armitage
Nsploit
neurosurgery-with-meterpreter
(automating msf) UAV-slides.pdf
NSE
Scanners / Scripts
Nmap
sambascan2 - SMB scanner
SoftPerfect Network Scanner
OpenVAS
Nessus Community | Tenable Network Security
Nexpose Community | Rapid7
Retina Community
Netcat
Favorite Ncat/nc/Netcat trick
ads.pdf
Netcat_for_the_Masses.pdf
netcat_cheat_sheet_v1.pdf
socat
NetCat tutorial
Netcat tricks
Nmap Development
Terminally Incoherent
Skoudis_pentestsecrets.pdf
Cracked, inSecure and Broken
Ncat for Netcat Users
Training / Classes
Penetration Testing
Network Sniffers Class
Advanced Ethical Hacking
CS 279 - Advanced Topics in Security
CS142 Web Prog. and Security
CS155 Comp. and Network Security
CSE 227: Computer Security - UCSD
CS 161: Computer Security
Security Talks - UCLA
CSCI 4971 Secure Software
MCS 494 UNIX Security Holes
Software Security - CMU
T-110 Special Topics in Ifocsec
Sec and Infosec Related - MIT
Metasploit Unleashed
Metasploit Class Videos
Metasploit Megaprimer 300+ mins
Metasploit Tips and Tricks - Ryan Linn
Metasploit Class2 - Part1
Metasploit Class2 - Part2
Metasploit Class2 - Part3
SQLi
MSSQL Injection Cheat Sheet
SQL Injection Cheat Sheet
EvilSQL Cheatsheet
RSnake SQL Injection Cheatsheet
Mediaservice.net SQLi Cheatsheet
MySQL Injection Cheat Sheet
Full MSSQL Injection PWNage
MS Access SQL Injection Cheat Sheet
Access SQL Injection
Testing for MS Access - OWASP
Security Override
Obfuscated SQL Injection attacks
Exploiting hard filtered SQL Injections
SQL Injection Attack
Advanced SQL Injection - LayerOne
Joe McCray - Advanced SQL Injection
Joseph McCray SQL Injection
sla.ckers.org
sqli2.pdf
SQL Server Version - SQLTeam.com
Overlooked SQL Injection
SQLInjectionCommentary
Uploadtricks
bypassing upload file type
Skeptikal.org
Secure File Upload in PHP
Stupid htaccess Tricks
Bypassing Image Uploaders
ADS File Upload Vulnerability
Cross Site Scripting scanner
VUPEN - Microsoft IIS File Extension
File Field Control
TangoCMS - File Upload Filter Bypass
Zeroboard File Upload bypass
Cross-site File Upload Attacks
TikiWiki jhot.php Script File Upload
FileUploadSecurity - SH/SC Wiki
LFI / RFI
http://pastie.org/840199
Exploiting PHP File Inclusion
LFI..Code Exec..Remote Root!
Local File Inclusion
DigiNinja
XSS
The Anatomy of Cross Site Scripting
Whitepapers - www.technicalinfo.net
Tales from the Crypto
InterN0T - Underground Security
BlackHat-EU-2010
sirdarckcat
Filter Evasion - Houdini on the Wire
HTML5 Security Cheatsheet
XSS - Cross Site Scripting
sla.ckers.org :: XSS Info
XSS of the Third Kind
What's Possible with XSS?
Coldfusion
ColdFusion directory traversal FAQ
Attacking ColdFusion
HP Blogs - Adobe ColdFusion's Directory Traversal Disaster
HackProofingColdFusion.pdf
Adobe XML Injection Metasploit
Computer Security Blog: PR10-08 XSS Adobe ColdFusion
SharePoint
Lotus
Lotus Notes/Domino Security
Penetration Testing: Re: Lotus Notes
Hacking Lotus Domino | SecTechno
jboss
Hacking-jBoss-using-a-Browser.pdf
Minded Security Blog
vmware web
Oracle
hideaway: Oracle Application Servers
Testing for Oracle - OWASP
OraScan
NGSSQuirreL for Oracle
hpoas.pdf
SAP
Onapsis | Research Labs
patch for SAP-passwords
Phenoelit SAP exploits
Minsc
pyrit
ikkisoft.com: SMH_XSS.txt
XFS 101: Cross-Frame Scripting
WTF Is My Security Strategy?
OWASP - WebAppPenTest.mp4
DeepSec 2007 - RPC Auditing
SensePost
Zen One: PCI Compliance
HD Moore on Metasploit
Network Time Protocol (NTP) Fun
black-box-scanners-dimva2010.pdf
Pen_Testing_ISSA_March_25_V2.pdf