Scribd
Upload
2K views14 pages

Hacking Bookmarks

The document lists bookmarks for blogs, forums, videos, methodologies, OSINT resources, exploits/advisories, cheatsheets, tools, distributions, and labs that are useful for penetration testing and hacking. It includes over 150 individual links organized into categories. The bookmarks cover a wide range of topics relevant to security research and testing.

Uploaded by

My All
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
2K views14 pages

Hacking Bookmarks

The document lists bookmarks for blogs, forums, videos, methodologies, OSINT resources, exploits/advisories, cheatsheets, tools, distributions, and labs that are useful for penetration testing and hacking. It includes over 150 individual links organized into categories. The bookmarks cover a wide range of topics relevant to security research and testing.

Uploaded by

My All
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 14

#summary Bookmarks List

= Hacker Media =

== Blogs Worth It: ==


What the title says. There are a LOT of pentesting blogs, these are the ones i
monitor constantly and value in the actual day to day testing work.

* http://carnal0wnage.blogspot.com/
* http://www.mcgrewsecurity.com/
* http://www.gnucitizen.org/blog/
* http://www.darknet.org.uk/
* http://spylogic.net/
* http://taosecurity.blogspot.com/
* http://www.room362.com/
* http://blog.sipvicious.org/
* http://blog.portswigger.net/
* http://pentestmonkey.net/blog/
* http://jeremiahgrossman.blogspot.com/
* http://i8jesus.com/
* http://blog.c22.cc/
* http://www.skullsecurity.org/blog/
* http://blog.metasploit.com/
* http://www.darkoperator.com/
* http://blog.skeptikal.org/
* http://preachsecurity.blogspot.com/
* http://www.tssci-security.com/
* http://www.gdssecurity.com/l/b/
* http://websec.wordpress.com/
* http://bernardodamele.blogspot.com/
* http://laramies.blogspot.com/
* http://www.spylogic.net/
* http://blog.andlabs.org/
* http://xs-sniper.com/blog/
* http://www.commonexploits.com/
* http://www.sensepost.com/blog/
* http://wepma.blogspot.com/
* http://exploit.co.il/
* http://securityreliks.wordpress.com/
* http://www.madirish.net/index.html
* http://sirdarckcat.blogspot.com/
* http://reusablesec.blogspot.com/
* http://myne-us.blogspot.com/
* http://www.notsosecure.com/
* http://blog.spiderlabs.com/
* http://www.corelan.be/
* http://www.digininja.org/
* http://www.pauldotcom.com/
* http://www.attackvector.org/
* http://deviating.net/
* http://www.alphaonelabs.com/
* http://www.smashingpasswords.com/
* http://wirewatcher.wordpress.com/
* http://gynvael.coldwind.pl/
* http://www.nullthreat.net/
* http://www.question-defense.com/
* http://archangelamael.blogspot.com/
* http://memset.wordpress.com/
* http://sickness.tor.hu/
* http://punter-infosec.com/
* http://www.securityninja.co.uk/
* http://securityandrisk.blogspot.com/
* http://esploit.blogspot.com/
* http://www.pentestit.com/

== Forums: ==

Created for forums that will help in both tool usage, syntax, attack techniques,
and collection of scripts and tools. Needs some help. I don't really frequent too
many underground forums but i actually find nice one-off scripts and info i can
roll into my own code in these places. Would like to add more.

* http://sla.ckers.org/forum/index.php
* http://www.ethicalhacker.net/
* http://www.backtrack-linux.org/forums/
* http://www.elitehackers.info/forums/
* http://www.hackthissite.org/forums/index.php
* http://securityoverride.com/forum/index.php
* http://www.iexploit.org/
* http://bright-shadows.net/
* http://www.governmentsecurity.org/forum/
* http://forum.intern0t.net/

== Magazines: ==

* http://www.net-security.org/insecuremag.php
* http://hakin9.org/

== Video: ==

* http://www.hackernews.com/
* http://www.securitytube.net/
* http://www.irongeek.com/i.php?page=videos/aide-winter-2011
* http://avondale.good.net/dl/bd/
* http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
* http://www.youtube.com/user/ChRiStIaAn008
* http://www.youtube.com/user/HackingCons
----
= Methodologies: =

* http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
* http://www.pentest-standard.org/index.php/Main_Page
* http://projects.webappsec.org/w/page/13246978/Threat-Classification
* http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
* http://www.social-engineer.org/
----
= OSINT =

== Presentations: ==

* http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-
gathering-part-1-social-networks/
* http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-
gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
* http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-
gathering-part-3-monitoring/
* http://www.slideshare.net/Laramies/tactical-information-gathering
*
http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_k
iller__32974
* http://infond.blogspot.com/2010/05/toturial-footprinting.html

== People and Organizational: ==

* http://www.spokeo.com/
* http://www.123people.com/
* http://www.xing.com/
* http://www.zoominfo.com/search
* http://pipl.com/
* http://www.zabasearch.com/
* http://www.searchbug.com/default.aspx
* http://theultimates.com/
* http://skipease.com/
* http://addictomatic.com/
* http://socialmention.com/
* http://entitycube.research.microsoft.com/
* http://www.yasni.com/
* http://tweepz.com/
* http://tweepsearch.com/
* http://www.glassdoor.com/index.htm
* http://www.jigsaw.com/
* http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
* http://www.tineye.com/
* http://www.peekyou.com/
* http://picfog.com/
* http://twapperkeeper.com/index.php

== Infrastructure: ==

* http://uptime.netcraft.com/
* http://www.serversniff.net/
* http://www.domaintools.com/
* http://centralops.net/co/
* http://hackerfantastic.com/
* http://whois.webhosting.info/
* https://www.ssllabs.com/ssldb/analyze.html
* http://www.clez.net/
* http://www.my-ip-neighbors.com/
* http://www.shodanhq.com/
* http://www.exploit-db.com/google-dorks/
* http://www.hackersforcharity.org/ghdb/
----
= Exploits and Advisories: =

* http://www.exploit-db.com/
* http://www.cvedetails.com/
* http://www.milw0rm.com/ (Down permanently)
* http://www.packetstormsecurity.org/
* http://www.securityforest.com/wiki/index.php/Main_Page
* http://www.securityfocus.com/bid
* http://nvd.nist.gov/
* http://osvdb.org/
* http://www.nullbyte.org.il/Index.html
* http://secdocs.lonerunners.net/
* http://www.phenoelit-us.org/whatSAP/index.html
* http://secunia.com/
* http://cve.mitre.org/
----
= Cheatsheets and Syntax: =

* http://cirt.net/ports_dl.php?export=services
* http://www.cheat-sheets.org/
* http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-
sheets/

== Agile Hacking: ==

* http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-
portscanner/
* http://blog.commandlinekungfu.com/
* http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
* http://isc.sans.edu/diary.html?storyid=2376
* http://isc.sans.edu/diary.html?storyid=1229
* http://ss64.com/nt/
* http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
* http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
* http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
* http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
*
http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
* http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-
Netcat-without-Netcat/d/3064507
* http://www.pentesterscripting.com/
* http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-
hack-windows_33583
* http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-
Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

== OS and Scripts: ==

* http://en.wikipedia.org/wiki/IPv4_subnetting_reference
* http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
* http://shelldorado.com/shelltips/beginner.html
* http://www.linuxsurvival.com/
* http://mywiki.wooledge.org/BashPitfalls
* http://rubular.com/
* http://www.iana.org/assignments/port-numbers
* http://www.robvanderwoude.com/ntadmincommands.php
* http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

== Tools: ==

* http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
* http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
* http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
* http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
* http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
* http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet
%20reference.html
* http://h.ackack.net/cheat-sheets/netcat
----
= Distros: =

* http://www.backtrack-linux.org/
* http://www.matriux.com/
* http://samurai.inguardians.com/
* http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
* https://pentoo.ch/
* http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
* http://www.piotrbania.com/all/kon-boot/
* http://www.linuxfromscratch.org/
* http://sumolinux.suntzudata.com/
* http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
* http://www.backbox.org/
----
= Labs: =
== ISOs and VMs: ==

* http://sourceforge.net/projects/websecuritydojo/
* http://code.google.com/p/owaspbwa/wiki/ProjectSummary
* http://heorot.net/livecds/
* http://informatica.uv.es/~carlos/docencia/netinvm/
* http://www.bonsai-sec.com/en/research/moth.php
* http://blog.metasploit.com/2010/05/introducing-metasploitable.html
* http://pynstrom.net/holynix.php
* http://gnacktrack.co.uk/download.php
* http://sourceforge.net/projects/lampsecurity/files/
* https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
* http://sourceforge.net/projects/virtualhacking/files/
* http://www.badstore.net/
* http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-
vulnerable-php-owasp-top-10
* http://www.dvwa.co.uk/
* http://sourceforge.net/projects/thebutterflytmp/

== Vulnerable Software: ==

* http://www.oldapps.com/
* http://www.oldversion.com/
* http://www.exploit-db.com/webapps/
* http://code.google.com/p/wavsep/downloads/list
* http://www.owasp.org/index.php/Owasp_SiteGenerator
* http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
* http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
* http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
* http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

== Test Sites: ==

* http://www.webscantest.com/
* http://crackme.cenzic.com/Kelev/view/home.php
* http://zero.webappsecurity.com/banklogin.asp?
serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFE
RRING_URL=http://www.Freebank.com
* http://testaspnet.vulnweb.com/
* http://testasp.vulnweb.com/
* http://testphp.vulnweb.com/
* http://demo.testfire.net/
* http://hackme.ntobjectives.com/
----
= Exploitation Intro: =

If you'd like to get into exploit dev, these are really the guides and docs that
will start you off in the right direction. Since Exploit dev is not my primary
occupation this section could always use help.
* http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
* http://www.mgraziano.info/docs/stsi2010.pdf
* http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-
exploitation/
* http://www.ethicalhacker.net/content/view/122/2/
* http://code.google.com/p/it-sec-catalog/wiki/Exploitation
* http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
* http://ref.x86asm.net/index.html
----
= Reverse Engineering & Malware: =

* http://www.woodmann.com/TiGa/idaseries.html
* http://www.binary-auditing.com/
* http://visi.kenshoto.com/
* http://www.radare.org/y/
* http://www.offensivecomputing.net/
----
= Passwords and Hashes: =

* http://www.irongeek.com/i.php?page=videos/password-exploitation-class
* http://cirt.net/passwords
* http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
* http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
* http://www.foofus.net/?page_id=63
* http://hashcrack.blogspot.com/
* http://www.nirsoft.net/articles/saved_password_location.html
* http://www.onlinehashcrack.com/
* http://www.md5this.com/list.php?
* http://www.virus.org/default-password
* http://www.phenoelit-us.org/dpl/dpl.html
* http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

== Wordlists: ==
* http://contest.korelogic.com/wordlists.html
* http://packetstormsecurity.org/Crackers/wordlists/
* http://www.skullsecurity.org/wiki/index.php/Passwords
* http://www.ericheitzman.com/passwd/passwords/

== Pass the Hash: ==


* http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-
tools-mitigation_33283
* http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
* http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
----
= MiTM: =

* http://www.giac.org/certified_professionals/practicals/gsec/0810.php
* http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
* http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
* http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-
i-can-steal-your-personal-data
* http://www.mindcenter.net/uploads/ECCE101.pdf
* http://toorcon.org/pres12/3.pdf
* http://media.techtarget.com/searchUnifiedCommunications/downloads/
Seven_Deadliest_UC_Attacks_Ch3.pdf
* http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
* http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
* http://www.oact.inaf.it/ws-ssri/Costa.pdf
* http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-
hijacking_web_2.0.pdf
* http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
* http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
* http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
*
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.
pdf
* http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing
%20&%20Beyond.pdf
* http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap
%20Filters.pdf
* http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/
The_Magic_of_Ettercap.pdf
* http://articles.manugarg.com/arp_spoofing.pdf
*
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-
tool).pdf
* http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
* http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My
%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
* http://blog.spiderlabs.com/2010/12/thicknet.html
* http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-
browser_autopwn/
* http://www.go4expert.com/forums/showthread.php?t=11842
* http://www.irongeek.com/i.php?page=security/ettercapfilter
* http://openmaniak.com/ettercap_filter.php
* http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
* http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-
isolate
* http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
* http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

----
= Tools: =
== OSINT: ==
* http://www.edge-security.com/theHarvester.php
* http://www.mavetju.org/unix/dnstracer-man.php
* http://www.paterva.com/web5/
=== Metadata: ===
* http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-
silent-killer_32974
* http://lcamtuf.coredump.cx/strikeout/
* http://www.sno.phy.queensu.ca/~phil/exiftool/
* http://www.edge-security.com/metagoofil.php
* http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-
foca.html

== Google Hacking: ==
* http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-
project/
* http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
* http://sqid.rubyforge.org/#next
* http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

== Web: ==
* http://www.bindshell.net/tools/beef
* http://blindelephant.sourceforge.net/
* http://xsser.sourceforge.net/
* http://sourceforge.net/projects/rips-scanner/
* http://www.divineinvasion.net/authforce/
* http://andlabs.org/tools.html#sotf
* http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-
RaulSiles_Nov2010_v1.1.pdf
* http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-
look.html
* http://code.google.com/p/pinata-csrf-tool/
* http://xsser.sourceforge.net/#intro
* http://www.contextis.co.uk/resources/tools/clickjacking-tool/
* http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
* http://sourceforge.net/projects/ws-attacker/files/
* https://github.com/koto/squid-imposter
== Attack Strings: ==
* http://code.google.com/p/fuzzdb/
*
http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
== Shells: ==
* http://sourceforge.net/projects/yokoso/
* http://sourceforge.net/projects/ajaxshell/
== Scanners: ==
* http://w3af.sourceforge.net/
* http://code.google.com/p/skipfish/
* http://sqlmap.sourceforge.net/
* http://sqid.rubyforge.org/#next
* http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
* http://code.google.com/p/fimap/wiki/WindowsAttack
* http://code.google.com/p/fm-fsf/
== Proxies: ==
=== Burp: ===
* http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-
credentials-discovery-burp-intruder_33214
* http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-
burp-api/
* http://sourceforge.net/projects/belch/files/
* http://www.securityninja.co.uk/application-security/burp-suite-tutorial-
repeater-and-comparer-tools
* http://blog.ombrepixel.com/
* http://andlabs.org/tools.html#dser
* http://feoh.tistory.com/22
* http://www.sensepost.com/labs/tools/pentest/reduh
* http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
* http://intrepidusgroup.com/insight/mallory/
* http://www.fiddler2.com/fiddler2/
* http://websecuritytool.codeplex.com/documentation?referringTitle=Home
*
http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/
releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-
encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

== Social Engineering: ==
* http://www.secmaniac.com/

== Password: ==
* http://nmap.org/ncrack/
* http://www.foofus.net/~jmk/medusa/medusa.html
* http://www.openwall.com/john/
* http://ophcrack.sourceforge.net/
* http://blog.0x3f.net/tool/keimpx-in-action/
* http://code.google.com/p/keimpx/
* http://sourceforge.net/projects/hashkill/

== Metasploit: ==

* http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-
not.html
* http://code.google.com/p/msf-hack/wiki/WmapNikto
* http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-
in.html
* http://seclists.org/metasploit/
* http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
* http://meterpreter.illegalguy.hostzi.com/
* http://blog.metasploit.com/2010/03/automating-metasploit-console.html
* http://www.workrobot.com/sansfire2009/561.html
* http://www.securitytube.net/video/711
* http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
* http://vimeo.com/16852783
* http://milo2012.wordpress.com/2009/09/27/xlsinjector/
* http://www.fastandeasyhacking.com/
* http://trac.happypacket.net/
* http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-
colin-david-neurosurgery-with-meterpreter-wp.pdf
* http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-
UAV-slides.pdf

=== MSF Exploits or Easy: ===

* http://www.nessus.org/plugins/index.php?view=single&id=12204
* http://www.nessus.org/plugins/index.php?view=single&id=11413
* http://www.nessus.org/plugins/index.php?view=single&id=18021
* http://www.nessus.org/plugins/index.php?view=single&id=26918
* http://www.nessus.org/plugins/index.php?view=single&id=34821
* http://www.nessus.org/plugins/index.php?view=single&id=22194
* http://www.nessus.org/plugins/index.php?view=single&id=34476
* http://www.nessus.org/plugins/index.php?view=single&id=25168
* http://www.nessus.org/plugins/index.php?view=single&id=19408
* http://www.nessus.org/plugins/index.php?view=single&id=21564
* http://www.nessus.org/plugins/index.php?view=single&id=10862
* http://www.nessus.org/plugins/index.php?view=single&id=26925
* http://www.nessus.org/plugins/index.php?view=single&id=29314
* http://www.nessus.org/plugins/index.php?view=single&id=23643
* http://www.nessus.org/plugins/index.php?view=single&id=12052
* http://www.nessus.org/plugins/index.php?view=single&id=12052
* http://www.nessus.org/plugins/index.php?view=single&id=34477
* http://www.nessus.org/plugins/index.php?view=single&id=15962
* http://www.nessus.org/plugins/index.php?view=single&id=42106
* http://www.nessus.org/plugins/index.php?view=single&id=15456
* http://www.nessus.org/plugins/index.php?view=single&id=21689
* http://www.nessus.org/plugins/index.php?view=single&id=12205
* http://www.nessus.org/plugins/index.php?view=single&id=22182
* http://www.nessus.org/plugins/index.php?view=single&id=26919
* http://www.nessus.org/plugins/index.php?view=single&id=26921
* http://www.nessus.org/plugins/index.php?view=single&id=21696
* http://www.nessus.org/plugins/index.php?view=single&id=40887
* http://www.nessus.org/plugins/index.php?view=single&id=10404
* http://www.nessus.org/plugins/index.php?view=single&id=18027
* http://www.nessus.org/plugins/index.php?view=single&id=19402
* http://www.nessus.org/plugins/index.php?view=single&id=11790
* http://www.nessus.org/plugins/index.php?view=single&id=12209
* http://www.nessus.org/plugins/index.php?view=single&id=10673

== NSE: ==

* http://www.securitytube.net/video/931
* http://nmap.org/nsedoc/

== Net Scanners and Scripts: ==

* http://nmap.org/
* http://asturio.gmxhome.de/software/sambascan2/i.html
* http://www.softperfect.com/products/networkscanner/
* http://www.openvas.org/
* http://tenable.com/products/nessus
* http://www.rapid7.com/vulnerability-scanner.jsp
* http://www.eeye.com/products/retina/community

== Post Exploitation: ==

* http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
* http://www.phx2600.org/archive/2008/08/29/metacab/
* http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

== Netcat: ==

* http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
* http://www.radarhack.com/tutorial/ads.pdf
*
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
* http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
* http://www.dest-unreach.org/socat/
* http://www.antionline.com/archive/index.php/t-230603.html
* http://technotales.wordpress.com/2009/06/14/netcat-tricks/
* http://seclists.org/nmap-dev/2009/q1/581
* http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-
tricks/
* http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
* http://gse-compliance.blogspot.com/2008/07/netcat.html

== Source Inspection: ==

* http://www.justanotherhacker.com/projects/graudit.html
* http://code.google.com/p/javasnoop/

== Firefox Addons: ==

* https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
* https://addons.mozilla.org/en-US/firefox/addon/osvdb/
* https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
* https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-
58786/
* https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
* https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
* https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
* https://addons.mozilla.org/en-US/firefox/addon/hackbar/

== Tool Listings: ==

* http://packetstormsecurity.org/files/tags/tool
* http://tools.securitytube.net/index.php?title=Main_Page
----
= Training/Classes: =
== Sec/Hacking: ==

* http://pentest.cryptocity.net/
* http://www.irongeek.com/i.php?page=videos/network-sniffers-class
* http://samsclass.info/124/124_Sum09.shtml
* http://www.cs.ucsb.edu/~vigna/courses/cs279/
* http://crypto.stanford.edu/cs142/
* http://crypto.stanford.edu/cs155/
* http://cseweb.ucsd.edu/classes/wi09/cse227/
* http://www-inst.eecs.berkeley.edu/~cs161/sp11/
* http://security.ucla.edu/pages/Security_Talks
* http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
* http://cr.yp.to/2004-494.html
* http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
* https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
* http://stuff.mit.edu/iap/2009/#websecurity

== Metasploit: ==

*
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Informa
tion_Security_Training
* http://www.irongeek.com/i.php?page=videos/metasploit-class
* http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
* http://vimeo.com/16925188
* http://www.ustream.tv/recorded/13396511
* http://www.ustream.tv/recorded/13397426
* http://www.ustream.tv/recorded/13398740

== Programming: ==
=== Python: ===

* http://code.google.com/edu/languages/google-python-class/index.html
* http://www.swaroopch.com/notes/Python_en:Table_of_Contents
* http://www.thenewboston.com/?cat=40&pOpen=tutorial
* http://showmedo.com/videotutorials/python
* http://www.catonmat.net/blog/learning-python-programming-language-through-
video-lectures/

=== Ruby: ===

* http://www.tekniqal.com/
== Other Misc: ==

* http://www.cs.sjtu.edu.cn/~kzhu/cs490/
* https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
* http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
* http://resources.infosecinstitute.com/
* http://vimeo.com/user2720399
----
= Web Vectors =
== SQLi: ==

* http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
* http://isc.sans.edu/diary.html?storyid=9397
* http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
* http://www.evilsql.com/main/index.php
* http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
* http://securityoverride.com/articles.php?
article_id=1&article=The_Complete_Guide_to_SQL_Injections
* http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
* http://sqlzoo.net/hack/
* http://www.sqlteam.com/article/sql-server-versions
* http://www.krazl.com/blog/?p=3
* http://www.owasp.org/index.php/Testing_for_MS_Access
* http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/
May/0074.html
* http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-
sql-injection-cheat-sheet-EN.html
* http://www.youtube.com/watch?v=WkHkryIoLD0
* http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL
%20Injection%20-%20L1%202009.pdf
* http://vimeo.com/3418947
* http://sla.ckers.org/forum/read.php?24,33903
* http://websec.files.wordpress.com/2010/11/sqli2.pdf
* http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
* http://ha.ckers.org/sqlinjection/
* http://lab.mediaservice.net/notes_more.php?id=MSSQL

== Upload Tricks: ==

*
http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ec
f4f91972
* http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
* http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-
applications/
* http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
* http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
* http://www.ravenphpscripts.com/article2974.html
* http://www.acunetix.com/cross-site-scripting/scanner.htm
* http://www.vupen.com/english/advisories/2009/3634
* http://msdn.microsoft.com/en-us/library/aa478971.aspx
* http://dev.tangocms.org/issues/237
* http://seclists.org/fulldisclosure/2006/Jun/508
* http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
*
http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Uploa
d_Security_Bypass_Vulnerability.html
* http://shsc.info/FileUploadSecurity

== LFI/RFI: ==

* http://pastie.org/840199
* http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
* http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?
utm_source=twitterfeed&utm_medium=twitter
* http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-
the-trade/
* http://www.digininja.org/blog/when_all_you_can_do_is_read.php

== XSS: ==

* http://www.infosecwriters.com/hhworld/hh8/csstut.htm
* http://www.technicalinfo.net/papers/CSS.html
* http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
* http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-
attack-defense-guide.html
* https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-
2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
* http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-
to.html
* http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
* http://heideri.ch/jso/#javascript
* http://www.reddit.com/r/xss/
* http://sla.ckers.org/forum/list.php?2

== Coldfusion: ==

* http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-
2861/
* http://zastita.com/02114/Attacking_ColdFusion..html
* http://www.nosec.org/2010/0809/629.html
* http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-
Directory-Traversal-Disaster/ba-p/81964
*
http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofin
gColdFusion.pdf

== Sharepoint: ==

*
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678
/#msg32678

== Lotus: ==

* http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
* http://seclists.org/pen-test/2002/Nov/43
* http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?

== JBoss: ==

* http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
* http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

== VMWare Web: ==

* http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav

== Oracle App Servers: ==

* http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
* http://www.owasp.org/index.php/Testing_for_Oracle
* http://www.ngssoftware.com/services/software-products/internet-security/
orascan.aspx
* http://www.ngssoftware.com/services/software-products/Database-Security/
NGSSQuirreLOracle.aspx
* http://www.ngssoftware.com/papers/hpoas.pdf

== SAP: ==

* http://www.onapsis.com/research.html#bizploit
* http://marc.info/?l=john-users&m=121444075820309&w=2
* http://www.phenoelit-us.org/whatSAP/index.html
----
= Wireless: =

* http://code.google.com/p/pyrit/
----
= Capture the Flag/Wargames: =

* http://intruded.net/
* http://smashthestack.org/
* http://flack.hkpco.kr/
* http://ctf.hcesperer.org/
* http://ictf.cs.ucsb.edu/
* http://capture.thefl.ag/calendar/
----
= Conferences: =

* https://www.google.com/calendar/embed?
[email protected]&gsessionid=OK
----
= Misc/Unsorted: =

* http://www.ikkisoft.com/stuff/SMH_XSS.txt
* http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-
explained.html?utm_source=twitterfeed&utm_medium=twitter
* http://whatthefuckismyinformationsecuritystrategy.com/
* http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
* http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-
cqAPioJnKDA&q=deepsec#
* http://www.sensepost.com/blog/4552.html
* http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
* http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-
testing-040210
* http://carnal0wnage.attackresearch.com/node/410
* http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
* http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
* http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
----

You might also like