Offensive Security Bookmarks Collection
Sunday, 17 February 2019
Edit
Haluuu, sudah agak lama saya tidak update artikel pada blog ini, ok baiklah pada kesempatan kali ini saya akan membuat artikel tentang Offensive Security Bookmark Collection.
Disini saya tidak akan menjelaskan terlalu detail dikarenakan isi content hanya berupa semacam link dengan berbagai macam kategori.
Yasudah langsung ke intinya aja, berikut beberapa kumpulan link berkaitan tentang security dan lain sebagainya..
Security Blogs
Security Forums
http://securityoverride.org/forum/index.php- https://www.hackthissite.org/forums/index.php
https://www.ethicalhacker.net/forums/index.php
https://evilzone.org/
http://forum.antichat.ru/
https://forum.xeksec.com/
https://rdot.org/forum/
https://forum.zloy.bz/
https://forum.reverse4you.org/
https://rstforums.com/forum/
http://www.truehackers.ru/forum/index.php
http://garage4hackers.com/forum.php
https://www.hellboundhackers.org/
http://www.lockpicking101.com/
https://www.xploitworld.com/index.php
Tor Onion Links
Security Methodologies
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php
http://www.social-engineer.org/
http://projects.webappsec.org/w/page/13246927/FrontPage
Training/Classes/Video
https://exploit-exercises.com
https://www.cybrary.it/cyber-security/
http://www.irongeek.com/i.php?page=videos/aide-winter-2011
https://lab.pentestit.ru/pentestlabs/3
https://trailofbits.github.io/ctf/
http://ctf.forgottensec.com/wiki/?title=Main_Page
http://smashthestack.org/
http://ctf.hcesperer.org/
https://www.google.com/calendar/feeds/noge7b1rg2dg4a8kcm1k68vbjg@group.calendar.google.com/public/basic
https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
https://crypto.stanford.edu/cs155/
https://www.offensive-security.com/metasploit-unleashed/
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://www.securitytube.net/
http://resources.infosecinstitute.com/
https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html
https://www.youtube.com/watch?v=ANlROJNWtCs&list=PLM0IiVYClP2vC3A6Uz_ESV86kBVYei5qx
https://www.youtube.com/watch?v=Sye3mu-EoTI
https://www.youtube.com/watch?v=GPjcSxyIIUc
https://www.youtube.com/watch?v=kPxavpgos2I
https://www.youtube.com/watch?v=pnqcHU2qFiA
http://www.securitytube.net/video/7640
https://www.youtube.com/watch?v=y2zrEAwmdws
http://www.securitytube.net/video/7735
Pentest Tools
https://github.com/pwnwiki/pwnwiki.github.io
https://github.com/sbilly/awesome-security
https://github.com/paragonie/awesome-appsec
https://github.com/enaqx/awesome-pentest
https://github.com/kahun/awesome-sysadmin#security
http://beefproject.com/
https://xsser.03c8.net/
https://code.google.com/p/fuzzdb/
https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
http://w3af.org/
https://code.google.com/p/skipfish/
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214
https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/
http://www.justanotherhacker.com/projects/graudit.html
https://packetstormsecurity.com/files/tags/tool
Pentest Lab ISO-VMs
http://www.amanhardikar.com/mindmaps/PracticeUrls.html
https://www.kali.org/
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
http://blackarch.org/
https://code.google.com/p/owaspbwa/
https://www.mavensecurity.com/web_security_dojo/
http://hackingdojo.com/dojo-media/
http://informatica.uv.es/~carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
http://sourceforge.net/projects/lampsecurity/?source=navbar
https://www.hacking-lab.com/index.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://www.dvwa.co.uk/
http://sourceforge.net/projects/thebutterflytmp/
http://magikh0e.ihtb.org/pubPapers/
Metasploit
http://resources.metasploit.com/
http://netsec.ws/?p=262
http://seclists.org/metasploit/
https://www.offensive-security.com/metasploit-unleashed/Introduction/
http://www.offensive-security.com/metasploit-unleashed/Msfvenom
https://community.rapid7.com/community/metasploit/
http://www.securitytube.net/video/711?q=METASPLOIT
https://en.wikibooks.org/wiki/Metasploit
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
Net Scanners
https://nmap.org/
https://nmap.org/nsedoc/
http://www.securitytube.net/video/931
https://nmap.org/nsedoc/
http://www.openvas.org/
http://www.tenable.com/products/nessus-vulnerability-scanner
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Man-in-the-middle attack
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
https://packetstormsecurity.com/papers/wireless/cracking-air.pdf
https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/nf.html
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
Phase 1 - Reconnaissance: Information Gathering before the Attack
https://en.wikipedia.org/wiki/Open-source_intelligence
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.slideshare.net/Laramies/tactical-information-gathering
http://www.infond.fr/2010/05/toturial-footprinting.html
Phase 1.1 - People and Orginizational
http://www.spokeo.com/
http://www.spoke.com/
https://www.xing.com/
http://www.zoominfo.com/
https://pipl.com/
http://www.zabasearch.com/
http://www.searchbug.com/
http://skipease.com/
http://addictomatic.com/
http://socialmention.com/
http://entitycube.research.microsoft.com/
http://www.yasni.com/
http://www.glassdoor.com/index.htm
https://connect.data.com/
https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
https://www.tineye.com/
http://www.peekyou.com/
Phase 1.2 - Infastructure
http://uptime.netcraft.com/
http://www.shodanhq.com/
http://www.domaintools.com/
http://centralops.net/co/
http://whois.webhosting.info/
https://www.ssllabs.com/ssltest/analyze.html
https://www.exploit-db.com/google-hacking-database/
http://www.my-ip-neighbors.com/
Phase 1.2 - Tools
OSINT Tools
http://www.edge-security.com/theharvester.php
http://www.edge-security.com/metagoofil.php
http://www.paterva.com/web6/
https://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
Phase 2 - Enumeration: Finding Attack Vectors
https://bitvijays.github.io/blog/2015/04/09/learning-from-the-field-intelligence-gathering/
http://securitysynapse.blogspot.be/2013_08_01_archive.html
https://hackertarget.com/attacking-wordpress/
https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
http://www.0daysecurity.com/penetration-testing/enumeration.html
https://github.com/n3ko1/WrapMap
https://cirt.net/Nikto2
http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/
http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html
http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
http://www.iodigitalsec.com/windows-null-session-enumeration/
https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
https://github.com/isaudits/autoenum
http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
http://www.iodigitalsec.com/windows-null-session-enumeration/
http://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
http://www.madirish.net/59
http://www.enye-sec.org/en/papers/web_vuln-en.txt
Phase 3 - Exploitation: Verifying Security Weaknesses
http://pwnwiki.io
http://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf
http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd
https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf
https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell
Dump Windows Password Hashes
Windows Passhing The Hash
https://www.kali.org/penetration-testing/passing-hash-remote-desktop/
https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/
Windows Previlige Escalation
http://toshellandback.com/2015/11/24/ms-priv-esc/- [https://labs.mwrinfosecurity.com/system/assets/760/original/Windows_Services_-
All_roads_lead_to_SYSTEM.pdf](https://labs.mwrinfosecurity.com/system/assets/760/original/Windows_Services-_All_roads_lead_to_SYSTEM.pdf)
http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
https://github.com/0xdeafbeef/PSSecSnapshot
http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
http://www.fuzzysecurity.com/tutorials/16.html
http://www.youtube.com/watch?v=kMG8IsCohHA
http://www.youtube.com/watch?v=_8xJaaQlpBo
http://www.greyhathacker.net/?p=738
http://bernardodamele.blogspot.ru/2011/12/dump-windows-password-hashes.html
Linux Previlige Escalation
http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf
http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html
http://pentestmonkey.net/tools/audit/unix-privesc-check
http://www.rebootuser.com/?page_id=1721
http://www.rebootuser.com/?p=1758
http://www.rebootuser.com/?p=1623
http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html
Tunneling & Port Forwarding
https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117
https://highon.coffee/blog/reverse-shell-cheat-sheet/
https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
http://staff.washington.edu/corey/fw/ssh-port-forwarding.html
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html
http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html
http://www.offensive-security.com/metasploit-unleashed/Portfwd
http://www.offensive-security.com/metasploit-unleashed/Pivoting
http://www.howtoforge.com/reverse-ssh-tunneling
http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla
XSS Cheat Codes
WebShells
SQLi General Resources
http://www.w3schools.com/sql/sql_injection.asp
http://sqlzoo.net/hack/
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf
http://websec.ca/kb/sql_injection
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.unixwiz.net/techtips/sql-injection.html
http://www.sqlinjectionwiki.com/
http://sqlmap.org/
https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
http://bobby-tables.com/
MySQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
http://resources.infosecinstitute.com/backdoor-sql-injection/
MSSQLi Resources
http://evilsql.com/main/page2.php
http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
Oracle SQLi Resources
Postgres SQLi Resources
SQLite Resources
RFI/LFI Tutorials
https://evilzone.org/tutorials/remote-file-inclusion%28rfi%29/
http://www.hackersonlineclub.com/lfi-rfi
https://0xzoidberg.wordpress.com/category/security/lfi-rfi/
NASM Tutorial
Buffer Overflow Tutorial
http://www.madirish.net/142
http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v1-90-buffer-overflow
http://resources.infosecinstitute.com/author/nikhil-kumar/
http://www.frequency.com/video/athcon-hack-in-paris-demo-1/40181156
http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html
http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148
https://tehaurum.wordpress.com/2015/06/22/exploit-development-stack-buffer-overflow/
http://proactivedefender.blogspot.ru/2013/05/understanding-buffer-overflows.html
https://forum.reverse4you.org/showthread.php?t=1371
http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
http://thepcn3rd.blogspot.ru/2015/07/freeftpd-108-seh-stack-based-overflow.html
Exploit Development
https://www.corelan.be/index.php/articles/
http://www.fuzzysecurity.com/tutorials.html
https://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit
http://x9090.blogspot.ru/2010/03/tutorial-exploit-writting-tutorial-from.html
http://ref.x86asm.net/index.html
https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
https://forum.reverse4you.org/showthread.php?t=1371
Exploits and Shellcodes
https://www.exploit-db.com/
https://packetstormsecurity.com/
http://www.securityfocus.com/bid
https://nvd.nist.gov/
http://osvdb.org/
http://www.secdocs.org/
http://www.cvedetails.com/
https://cve.mitre.org/
http://www.windowsexploits.com/
http://farlight.org/index.html?type=shellcode
http://shell-storm.org/shellcode/
Reverse Engineering
https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/
http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html
http://www.woodmann.com/TiGa/idaseries.html
http://visi.kenshoto.com/viki/MainPage
http://www.radare.org/r/
http://www.offensivecomputing.net/
http://www.oldapps.com/
http://www.oldversion.com/
https://www.exploit-db.com/webapps/
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
OS Cheat Sheets and Script Syntax
https://www.owasp.org/index.php/Cheat_Sheets
http://www.cheat-sheets.org/
http://ss64.com/nt/
https://rstforums.com/forum/22324-hacking-tools-windows.rst
https://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://mywiki.wooledge.org/BashPitfalls
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
http://www.robvanderwoude.com/ntadmincommands.php
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheatsheetimg.png
https://danielmiessler.com/study/tcpdump/
http://www.infosecwriters.com/Papers/nessusNMAPcheatSheet.pdf
Passwords Wordlists, Hashes, Tools
http://www.irongeek.com/i.php?page=videos/password-exploitation-class
https://cirt.net/passwords
http://h.foofus.net/?page_id=51
http://h.foofus.net/?page_id=55
http://foofus.net/?page_id=63
http://hashcrack.blogspot.ru/
http://www.onlinehashcrack.com/
http://www.md5this.com/
http://contest-2010.korelogic.com/wordlists.html
https://packetstormsecurity.com/Crackers/wordlists/
http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html
https://wiki.skullsecurity.org/Passwords
https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283
https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219
https://nmap.org/ncrack/
http://www.openwall.com/john/
http://ophcrack.sourceforge.net/
https://inquisb.github.io/keimpx/
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/
InfoSec Hiring
Reddit Thread Q3 2015
Reddit Thread Q2 2015
ShmooCon Hiring List 2015
SANS
Careers Stackoverflow
PenTester Salary
San Francisco InfoSec Jobs
Infosecinstitute.com
Inspiredcareers.org/
IT Certifications
Links Collections
http://in-addr.nl/security-links.php
http://ser-storchak.blogspot.ru/p/blog-page_16.html
Reddit NetsecStudents Wiki
https://www.vulnhub.com/resources/
Books
Cukup sekian artikel kali ini mengenai tentang hal security dan sebagainya. Semoga apa yang saya bagikan pada artikel kali ini bermanfaat buat teman-teman semua. Have a good day, see u!
Sumber: https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
