14023

GitHub - blaCCkHatHacEEkr/PENTESTING-BIBLE: This repository was created and deve...

 4 years ago
source link: https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

README.md

PENTESTING-BIBLE

hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

MORE THAN 1000 LINK

MORE TO COME

-1- 3 Ways Extract Password Hashes from NTDS.dit:

https://www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit

-2- 3 ways to Capture HTTP Password in Network PC:

https://www.hackingarticles.in/3-ways-to-capture-http-password-in-network-pc/

-3- 3 Ways to Crack Wifi using Pyrit,oclHashcat and Cowpatty:

www.hackingarticles.in/3-ways-crack-wifi-using-pyrit-oclhashcat-cowpatty/

-4-BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection:

https://medium.com/p/2e143eb36941

-5-BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality:

https://medium.com/p/a11bb5f863b3/share/twitter

-6-“Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company:

https://medium.com/p/a69afe5a0899

-7-BugBounty — “I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classi ed ads company:

https://medium.com/p/e51a945b083d

-8-BugBounty — “How I was able to shop for free!”- Payment Price Manipulation:

https://medium.com/p/b29355a8e68e

-9-Recon — my way:

https://medium.com/p/82b7e5f62e21

-10-Reconnaissance: a eulogy in three acts:

https://medium.com/p/7840824b9ef2

-11-Red-Teaming-Toolkit:

https://github.com/infosecn1nja/Red-Teaming-Toolkit

-12-Red Team Tips:

https://vincentyiu.co.uk/

-13-Shellcode: A reverse shell for Linux in C with support for TLS/SSL:

https://modexp.wordpress.com/2019/04/24/glibc-shellcode/

-14-Shellcode: Encrypting traffic:

https://modexp.wordpress.com/2018/08/17/shellcode-encrypting-traffic/

-15-Penetration Testing of an FTP Server:

https://medium.com/p/19afe538be4b

-16-Reverse Engineering of the Anubis Malware — Part 1:

https://medium.com/p/741e12f5a6bd

-17-Privilege Escalation on Linux with Live examples:

https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/

-18-Pentesting Cheatsheets:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

-19-Powershell Payload Delivery via DNS using Invoke-PowerCloud:

https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud

-20-SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES – LIST OF 4500+ GOOGLE DORKS:

https://sguru.org/ghdb-download-list-4500-google-dorks-free/

-21-SQL Injection Cheat Sheet:

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

-22-SQLmap’s os-shell + Backdooring website with Weevely:

https://medium.com/p/8cb6dcf17fa4

-23-SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:

https://medium.com/p/c5a3f5764cb3

-24-Top 10 Essential NMAP Scripts for Web App Hacking:

https://medium.com/p/c7829ff5ab7

-25-BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!:

https://medium.com/p/52cf5c5640a1

-26-Re ected XSS Bypass Filter:

https://medium.com/p/de41d35239a3

-27-XSS Payloads, getting past alert(1):

https://medium.com/p/217ab6c6ead7

-28-XS-Searching Google’s bug tracker to find out vulnerable source code Or how side-channel timing attacks aren’t that impractical:

https://medium.com/p/50d8135b7549

-29-Web Application Firewall (WAF) Evasion Techniques:

https://medium.com/@themiddleblue/web-application-firewall-waf-evasion-techniques

-30-OSINT Resources for 2019:

https://medium.com/p/b15d55187c3f

-31-The OSINT Toolkit:

https://medium.com/p/3b9233d1cdf9

-32-OSINT : Chasing Malware + C&C Servers:

https://medium.com/p/3c893dc1e8cb

-33-OSINT tool for visualizing relationships between domains, IPs and email addresses:

https://medium.com/p/94377aa1f20a

-34-From OSINT to Internal – Gaining Access from outside the perimeter:

https://www.n00py.io/.../from-osint-to-internal-gaining-access-from-the-outside-the-perimeter

-35-Week in OSINT #2018–35:

https://medium.com/p/b2ab1765157b

-36-Week in OSINT #2019–14:

https://medium.com/p/df83f5b334b4

-37-Instagram OSINT | What A Nice Picture:

https://medium.com/p/8f4c7edfbcc6

-38-awesome-osint:

https://github.com/jivoi/awesome-osint

-39-OSINT_Team_Links:

https://github.com/IVMachiavelli/OSINT_Team_Links

-40-Open-Source Intelligence (OSINT) Reconnaissance:

https://medium.com/p/75edd7f7dada

-41-Hacking Cryptocurrency Miners with OSINT Techniques:

https://medium.com/p/677bbb3e0157

-42-A penetration tester’s guide to sub- domain enumeration:

https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6?gi=f44ec9d8f4b5

-43-Packages that actively seeks vulnerable exploits in the wild. More of an umbrella group for similar packages:

https://blackarch.org/recon.html

-44-What tools I use for my recon during BugBounty:

https://medium.com/p/ec25f7f12e6d

-45-Command and Control – DNS:

https://pentestlab.blog/2017/09/06/command-and-control-dns/

-46-Command and Control – WebDAV:

https://pentestlab.blog/2017/09/12/command-and-control-webdav/

-47-Command and Control – Twitter:

https://pentestlab.blog/2017/09/26/command-and-control-twitter/

-48-Command and Control – Kernel:

https://pentestlab.blog/2017/10/02/command-and-control-kernel/

-49-Source code disclosure via exposed .git folder:

https://pentester.land/tutorials/.../source-code-disclosure-via-exposed-git-folder.html

-50-Pentesting Cheatsheet:

https://hausec.com/pentesting-cheatsheet/

-51-Windows Userland Persistence Fundamentals:

https://www.fuzzysecurity.com/tutorials/19.html

-52-A technique that a lot of SQL injection beginners don’t know | Atmanand Nagpure write-up:

https://medium.com/p/abdc7c269dd5

-53-awesome-bug-bounty:

https://github.com/djadmin/awesome-bug-bounty

-54-dostoevsky-pentest-notes:

https://github.com/dostoevskylabs/dostoevsky-pentest-notes

-55-awesome-pentest:

https://github.com/enaqx/awesome-pentest

-56-awesome-windows-exploitation:

https://github.com/enddo/awesome-windows-exploitation

-57-awesome-exploit-development:

https://github.com/FabioBaroni/awesome-exploit-development

-58-BurpSuit + SqlMap = One Love:

https://medium.com/p/64451eb7b1e8

-59-Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat:

https://medium.com/p/a5a5d3ffea46

-60-DLL Injection:

https://pentestlab.blog/2017/04/04/dll-injection

-61-DLL Hijacking:

https://pentestlab.blog/2017/03/27/dll-hijacking

-62-My Recon Process — DNS Enumeration:

https://medium.com/p/d0e288f81a8a

-63-Google Dorks for nding Emails, Admin users etc:

https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc

-64-Google Dorks List 2018:

https://medium.com/p/fb70d0cbc94

-65-Hack your own NMAP with a BASH one-liner:

https://medium.com/p/758352f9aece

-66-UNIX / LINUX CHEAT SHEET:

cheatsheetworld.com/programming/unix-linux-cheat-sheet/

-67-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:

https://medium.com/p/74d2bec02099

-68- information gathering:

https://pentestlab.blog/category/information-gathering/

-69-post exploitation:

https://pentestlab.blog/category/post-exploitation/

-70-privilege escalation:

https://pentestlab.blog/category/privilege-escalation/

-71-red team:

https://pentestlab.blog/category/red-team/

-72-The Ultimate Penetration Testing Command Cheat Sheet for Linux:

https://www.hackingloops.com/command-cheat-sheet-for-linux/

-73-Web Application Penetration Testing Cheat Sheet:

https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/

-74-Windows Kernel Exploits:

https://pentestlab.blog/2017/04/24/windows-kernel-exploits

-75-Windows oneliners to download remote payload and execute arbitrary code:

https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/

-76-Windows-Post-Exploitation:

https://github.com/emilyanncr/Windows-Post-Exploitation

-77-Windows Post Exploitation Shells and File Transfer with Netcat for Windows:

https://medium.com/p/a2ddc3557403

-78-Windows Privilege Escalation Fundamentals:

https://www.fuzzysecurity.com/tutorials/16.html

-79-Windows Privilege Escalation Guide:

www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

-80-Windows Active Directory Post Exploitation Cheatsheet:

https://medium.com/p/48c2bd70388

-81-Windows Exploitation Tricks: Abusing the User-Mode Debugger:

https://googleprojectzero.blogspot.com/2019/04/windows-exploitation-tricks-abusing.html

-82-VNC Penetration Testing (Port 5901):

http://www.hackingarticles.in/vnc-penetration-testing

-83- Big List Of Google Dorks Hacking:

https://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking

-84-List of google dorks for sql injection:

https://deadlyhacker.wordpress.com/2013/05/09/list-of-google-dorks-for-sql-injection/

-85-Download Google Dorks List 2019:

https://medium.com/p/323c8067502c

-86-Comprehensive Guide to Sqlmap (Target Options):

http://www.hackingarticles.in/comprehensive-guide-to-sqlmap-target-options15249-2

-87-EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE:

www.cybersyndicates.com/.../email-reconnaissance-phishing-template-generation-made-simple

-88-Comprehensive Guide on Gobuster Tool:

https://www.hackingarticles.in/comprehensive-guide-on-gobuster-tool/

-89-My Top 5 Web Hacking Tools:

https://medium.com/p/e15b3c1f21e8

-90-[technical] Pen-testing resources:

https://medium.com/p/cd01de9036ad

-91-File System Access on Webserver using Sqlmap:

http://www.hackingarticles.in/file-system-access-on-webserver-using-sqlmap

-92-kali-linux-cheatsheet:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-93-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-94-Command Injection Exploitation through Sqlmap in DVWA (OS-cmd):

http://www.hackingarticles.in/command-injection-exploitation-through-sqlmap-in-dvwa

-95-XSS Payload List - Cross Site Scripting Vulnerability Payload List:

https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html

-96-Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection:

https://www.notsosecure.com/analyzing-cve-2018-6376/

-97-Exploiting Sql Injection with Nmap and Sqlmap:

http://www.hackingarticles.in/exploiting-sql-injection-nmap-sqlmap

-98-awesome-malware-analysis:

https://github.com/rshipp/awesome-malware-analysis

-99-Anatomy of UAC Attacks:

https://www.fuzzysecurity.com/tutorials/27.html

-100-awesome-cyber-skills:

https://github.com/joe-shenouda/awesome-cyber-skills

-101-5 ways to Banner Grabbing:

http://www.hackingarticles.in/5-ways-banner-grabbing

-102-6 Ways to Hack PostgresSQL Login:

http://www.hackingarticles.in/6-ways-to-hack-postgressql-login

-103-6 Ways to Hack SSH Login Password:

http://www.hackingarticles.in/6-ways-to-hack-ssh-login-password

-104-10 Free Ways to Find Someone’s Email Address:

https://medium.com/p/e6f37f5fe10a

-105-USING A SCF FILE TO GATHER HASHES:

https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes

-106-Hack Remote Windows PC using DLL Files (SMB Delivery Exploit):

http://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit

107-Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities:

http://www.hackingarticles.in/hack-remote-windows-pc-using-office-ole-multiple-dll-hijack-vulnerabilities

-108-BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs):

https://medium.com/p/ef6542301c65

-109-How To Perform External Black-box Penetration Testing in Organization with “ZERO” Information:

https://gbhackers.com/external-black-box-penetration-testing

-110-A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals:

https://gbhackers.com/hacking-tools-list

-111-Most Important Considerations with Malware Analysis Cheats And Tools list:

https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list

-112-Awesome-Hacking:

https://github.com/Hack-with-Github/Awesome-Hacking

-113-awesome-threat-intelligence:

https://github.com/hslatman/awesome-threat-intelligence

-114-awesome-yara:

https://github.com/InQuest/awesome-yara

-115-Red-Team-Infrastructure-Wiki:

https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

-116-awesome-pentest:

https://github.com/enaqx/awesome-pentest

-117-awesome-cyber-skills:

https://github.com/joe-shenouda/awesome-cyber-skills

-118-pentest-wiki:

https://github.com/nixawk/pentest-wiki

-119-awesome-web-security:

https://github.com/qazbnm456/awesome-web-security

-120-Infosec_Reference:

https://github.com/rmusser01/Infosec_Reference

-121-awesome-iocs:

https://github.com/sroberts/awesome-iocs

-122-blackhat-arsenal-tools:

https://github.com/toolswatch/blackhat-arsenal-tools

-123-awesome-social-engineering:

https://github.com/v2-dev/awesome-social-engineering

-124-Penetration Testing Framework 0.59:

www.vulnerabilityassessment.co.uk/Penetration%20Test.html

-125-Penetration Testing Tools Cheat Sheet :

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

-126-SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool:

https://gbhackers.com/sn1per-a-detailed-explanation-of-most-advanced-automated-information-gathering-penetration-testing-tool

-127-Spear Phishing 101:

https://blog.inspired-sec.com/archive/2017/05/07/Phishing.html

-128-100 ways to discover (part 1):

https://sylarsec.com/2019/01/11/100-ways-to-discover-part-1/

-129-Comprehensive Guide to SSH Tunnelling:

http://www.hackingarticles.in/comprehensive-guide-to-ssh-tunnelling/

-130-Capture VNC Session of Remote PC using SetToolkit:

http://www.hackingarticles.in/capture-vnc-session-remote-pc-using-settoolkit/

-131-Hack Remote PC using PSEXEC Injection in SET Toolkit:

http://www.hackingarticles.in/hack-remote-pc-using-psexec-injection-set-toolkit/

-132-Denial of Service Attack on Network PC using SET Toolkit:

http://www.hackingarticles.in/denial-of-service-attack-on-network-pc-using-set-toolkit/

-133-Hack Gmail and Facebook of Remote PC using DNS Spoofing and SET Toolkit:

http://www.hackingarticles.in/hack-gmail-and-facebook-of-remote-pc-using-dns-spoofing-and-set-toolkit/

-134-Hack Any Android Phone with DroidJack (Beginner’s Guide):

http://www.hackingarticles.in/hack-android-phone-droidjack-beginners-guide/

-135-HTTP RAT Tutorial for Beginners:

http://www.hackingarticles.in/http-rat-tutorial-beginners/

-136-5 ways to Create Permanent Backdoor in Remote PC:

http://www.hackingarticles.in/5-ways-create-permanent-backdoor-remote-pc/

-137-How to Enable and Monitor Firewall Log in Windows PC:

http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/

-138-EMPIRE TIPS AND TRICKS:

https://enigma0x3.net/2015/08/26/empire-tips-and-tricks/

-139-CSRF account takeover Explained Automated/Manual:

https://medium.com/p/447e4b96485b

-140-CSRF Exploitation using XSS:

http://www.hackingarticles.in/csrf-exploitation-using-xss

-141-Dumping Domain Password Hashes:

https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/

-142-Empire Post Exploitation – Unprivileged Agent to DA Walkthrough:

https://bneg.io/2017/05/24/empire-post-exploitation/

-143-Dropbox for the Empire:

https://bneg.io/2017/05/13/dropbox-for-the-empire/

-144-Empire without PowerShell.exe:

https://bneg.io/2017/07/26/empire-without-powershell-exe/

-145-REVIVING DDE: USING ONENOTE AND EXCEL FOR CODE EXECUTION:

https://enigma0x3.net/2018/01/29/reviving-dde-using-onenote-and-excel-for-code-execution/

-146-PHISHING WITH EMPIRE:

https://enigma0x3.net/2016/03/15/phishing-with-empire/

-146-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:

https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

-147-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND REGISTRY HIJACKING:

https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/

-148-“FILELESS” UAC BYPASS USING SDCLT.EXE:

https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/

-149-PHISHING AGAINST PROTECTED VIEW:

https://enigma0x3.net/2017/07/13/phishing-against-protected-view/

-150-LATERAL MOVEMENT USING EXCEL.APPLICATION AND DCOM:

https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/

-151-enum4linux Cheat Sheet:

https://highon.coffee/blog/enum4linux-cheat-sheet/

-152-enumeration:

https://technologyredefine.blogspot.com/2017/11/enumeration.html

-153-Command and Control – WebSocket:

https://pentestlab.blog/2017/12/06/command-and-control-websocket

-154-Command and Control – WMI:

https://pentestlab.blog/2017/11/20/command-and-control-wmi

-155-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:

http://thelearninghacking.com/create-virus-hack-windows/

-156-Comprehensive Guide to Nmap Port Status:

http://www.hackingarticles.in/comprehensive-guide-nmap-port-status

-157-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:

https://gbhackers.com/commix-automated-all-in-one-os-command-injection-and-exploitation-tool

-158-Compromising Jenkins and extracting credentials:

https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/

-159-footprinting:

https://technologyredefine.blogspot.com/2017/09/footprinting_17.html

-160-awesome-industrial-control-system-security:

https://github.com/hslatman/awesome-industrial-control-system-security

-161-xss-payload-list:

https://github.com/ismailtasdelen/xss-payload-list

-162-awesome-vehicle-security:

https://github.com/jaredthecoder/awesome-vehicle-security

-163-awesome-osint:

https://github.com/jivoi/awesome-osint

-164-awesome-python:

https://github.com/vinta/awesome-python

-165-Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit):

https://www.exploit-db.com/download/44830.rb

-166-nbtscan Cheat Sheet:

https://highon.coffee/blog/nbtscan-cheat-sheet/

-167-neat-tricks-to-bypass-csrfprotection:

www.slideshare.net/0ang3el/neat-tricks-to-bypass-csrfprotection

-168-ACCESSING CLIPBOAR D FROM THE LOC K SC REEN IN WI NDOWS 10 #2:

https://oddvar.moe/2017/01/27/access-clipboard-from-lock-screen-in-windows-10-2/

-169-NMAP CHEAT-SHEET (Nmap Scanning Types, Scanning Commands , NSE Scripts):

https://medium.com/p/868a7bd7f692

-170-Nmap Cheat Sheet:

https://highon.coffee/blog/nmap-cheat-sheet/

-171-Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV:

https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

-172-Phishing with PowerPoint:

https://www.blackhillsinfosec.com/phishing-with-powerpoint/

-173-hide-payload-ms-office-document-properties:

https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/

-174-How to Evade Application Whitelisting Using REGSVR32:

https://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/

-175-How to Build a C2 Infrastructure with Digital Ocean – Part 1:

https://www.blackhillsinfosec.com/build-c2-infrastructure-digital-ocean-part-1/

-176-WordPress Penetration Testing using Symposium Plugin SQL Injection:

http://www.hackingarticles.in/wordpress-penetration-testing-using-symposium-plugin-sql-injection

-177-Manual SQL Injection Exploitation Step by Step:

http://www.hackingarticles.in/manual-sql-injection-exploitation-step-step

-178-MSSQL Penetration Testing with Metasploit:

http://www.hackingarticles.in/mssql-penetration-testing-metasploit

-179-Multiple Ways to Get root through Writable File:

http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file

-180-MySQL Penetration Testing with Nmap:

http://www.hackingarticles.in/mysql-penetration-testing-nmap

-181-NetBIOS and SMB Penetration Testing on Windows:

http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows

-182-Network Packet Forensic using Wireshark:

http://www.hackingarticles.in/network-packet-forensic-using-wireshark

-183-Escape and Evasion Egressing Restricted Networks:

https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks/

-183-Awesome-Hacking-Resources:

https://github.com/vitalysim/Awesome-Hacking-Resources

-184-Hidden directories and les as a source of sensitive information about web application:

https://medium.com/p/84e5c534e5ad

-185-Hiding Registry keys with PSRe ect:

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353

-186-awesome-cve-poc:

https://github.com/qazbnm456/awesome-cve-poc

-187-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:

https://medium.com/p/74d2bec02099

-188-Post Exploitation in Windows using dir Command:

http://www.hackingarticles.in/post-exploitation-windows-using-dir-command

189-Web Application Firewall (WAF) Evasion Techniques #2:

https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0

-190-Forensics Investigation of Remote PC (Part 1):

http://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-1

-191-CloudFront Hijacking:

https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/

-192-PowerPoint and Custom Actions:

https://cofense.com/powerpoint-and-custom-actions/

-193-Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 using Potato:

http://www.hackingarticles.in/privilege-escalation-on-windows-7810-server-2008-server-2012-using-potato

-194-How to intercept TOR hidden service requests with Burp:

https://medium.com/p/6214035963a0

-195-How to Make a Captive Portal of Death:

https://medium.com/p/48e82a1d81a/share/twitter

-196-How to find any CEO’s email address in minutes:

https://medium.com/p/70dcb96e02b0

197-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:

https://www.exploit-db.com/download/44888.txt

-198-Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation:

https://www.exploit-db.com/download/44630.txt

-199-Microsoft Word upload to Stored XSS:

https://www.n00py.io/2018/03/microsoft-word-upload-to-stored-xss/

-200-MobileApp-Pentest-Cheatsheet:

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

-201-awesome:

https://github.com/sindresorhus/awesome

-201-writing arm shellcode:

https://azeria-labs.com/writing-arm-shellcode/

-202-debugging with gdb introduction:

https://azeria-labs.com/debugging-with-gdb-introduction/

-203-emulate raspberrypi with qemu:

https://azeria-labs.com/emulate-raspberry-pi-with-qemu/

-204-Bash One-Liner to Check Your Password(s) via pwnedpasswords.com’s API Using the k-Anonymity Method:

https://medium.com/p/a5807a9a8056

-205-A Red Teamer's guide to pivoting:

https://artkond.com/2017/03/23/pivoting-guide/

-206-Using WebDAV features as a covert channel:

https://arno0x0x.wordpress.com/2017/09/07/using-webdav-features-as-a-covert-channel/

-207-A View of Persistence:

https://rastamouse.me/2018/03/a-view-of-persistence/

-208- pupy websocket transport:

https://bitrot.sh/post/28-11-2017-pupy-websocket-transport/

-209-Subdomains Enumeration Cheat Sheet:

https://pentester.land/cheatsheets/2018/11/.../subdomains-enumeration-cheatsheet.html

-210-DNS Reconnaissance – DNSRecon:

https://pentestlab.blog/2012/11/13/dns-reconnaissance-dnsrecon/

-211-Cheatsheets:

https://bitrot.sh/cheatsheet

-212-Understanding Guide to Nmap Firewall Scan (Part 2):

http://www.hackingarticles.in/understanding-guide-nmap-firewall-scan-part-2

-213-Exploit Office 2016 using CVE-2018-0802:

https://technologyredefine.blogspot.com/2018/01/exploit-office-2016-using-cve-2018-0802.html

-214-windows-exploit-suggester:

https://technologyredefine.blogspot.com/2018/01/windows-exploit-suggester.html

-215-INSTALLING PRESISTENCE BACKDOOR IN WINDOWS:

https://technologyredefine.blogspot.com/2018/01/installing-presistence-backdoor-in.html

-216-IDS, IPS AND FIREWALL EVASION USING NMAP:

https://technologyredefine.blogspot.com/2017/09/ids-ips-and-firewall-evasion-using-nmap.html

-217-Wireless Penetration Testing Checklist – A Detailed Cheat Sheet:

https://gbhackers.com/wireless-penetration-testing-checklist-a-detailed-cheat-sheet

218-Most Important Web Application Security Tools & Resources for Hackers and Security Professionals:

https://gbhackers.com/web-application-security-tools-resources

-219-Web Application Penetration Testing Checklist – A Detailed Cheat Sheet:

https://gbhackers.com/web-application-penetration-testing-checklist-a-detailed-cheat-sheet

-220-Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing:

https://gbhackers.com/top-500-important-xss-cheat-sheet

-221-USBStealer – Password Hacking Tool For Windows Machine Applications:

https://gbhackers.com/pasword-hacking

-222-Most Important Mobile Application Penetration Testing Cheat sheet with Tools & Resources for Security Professionals:

https://gbhackers.com/mobile-application-penetration-testing

-223-Metasploit Can Be Directly Used For Hardware Penetration Testing Now:

https://gbhackers.com/metasploit-can-be-directly-used-for-hardware-vulnerability-testing-now

-224-How to Perform Manual SQL Injection While Pentesting With Single quote Error Based Parenthesis Method:

https://gbhackers.com/manual-sql-injection-2

-225-Email Spoo ng – Exploiting Open Relay configured Public Mailservers:

https://gbhackers.com/email-spoofing-exploiting-open-relay

-226-Email Header Analysis – Received Email is Genuine or Spoofed:

https://gbhackers.com/email-header-analysis

-227-Most Important Cyber Threat Intelligence Tools List For Hackers and Security Professionals:

https://gbhackers.com/cyber-threat-intelligence-tools

-228-Creating and Analyzing a Malicious PDF File with PDF-Parser Tool:

https://gbhackers.com/creating-and-analyzing-a-malicious-pdf-file-with-pdf-parser-tool

-229-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:

https://gbhackers.com/commix-automated-all-in-one-os-command-injection-and-exploitation-tool

-230-Advanced ATM Penetration Testing Methods:

https://gbhackers.com/advanced-atm-penetration-testing-methods

-231-A8-Cross-Site Request Forgery (CSRF):

https://gbhackers.com/a8-cross-site-request-forgery-csrf

-232-Fully undetectable backdooring PE File:

https://haiderm.com/fully-undetectable-backdooring-pe-file/

-233-backdooring exe files:

https://haiderm.com/tag/backdooring-exe-files/

-234-From PHP (s)HELL to Powershell Heaven:

https://medium.com/p/da40ce840da8

-235-Forensic Investigation of Nmap Scan using Wireshark:

http://www.hackingarticles.in/forensic-investigation-of-nmap-scan-using-wireshark

-236-Unleashing an Ultimate XSS Polyglot:

https://github.com/0xsobky/HackVault/wiki

-237-wifi-arsenal:

https://github.com/0x90/wifi-arsenal

-238-XXE_payloads:

https://gist.github.com/staaldraad/01415b990939494879b4

-239-xss_payloads_2016:

https://github.com/7ioSecurity/XSS-Payloads/raw/master/xss_payloads_2016

-240-A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.:

https://github.com/alebcay/awesome-shell

-241-The goal of this repository is to document the most common techniques to bypass AppLocker.:

https://github.com/api0cradle/UltimateAppLockerByPassList

-242-A curated list of CTF frameworks, libraries, resources and softwares:

https://github.com/apsdehal/awesome-ctf

-243-A collection of android security related resources:

https://github.com/ashishb/android-security-awesome

-244-OSX and iOS related security tools:

https://github.com/ashishb/osx-and-ios-security-awesome

-245-regexp-security-cheatsheet:

https://github.com/attackercan/regexp-security-cheatsheet

-246-PowerView-2.0 tips and tricks:

https://gist.github.com/HarmJ0y/3328d954607d71362e3c

-247-A curated list of awesome awesomeness:

https://github.com/bayandin/awesome-awesomeness

-248-Android App Security Checklist:

https://github.com/b-mueller/android_app_security_checklist

-249-Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:

https://github.com/brannondorsey/wifi-cracking

-250-My-Gray-Hacker-Resources:

https://github.com/bt3gl/My-Gray-Hacker-Resources

-251-A collection of tools developed by other researchers in the Computer Science area to process network traces:

https://github.com/caesar0301/awesome-pcaptools

-252-A curated list of awesome Hacking tutorials, tools and resources:

https://github.com/carpedm20/awesome-hacking

-253-RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.:

https://github.com/cn0xroot/RFSec-ToolKit

-254-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-255-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-256-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-257-A curated list of awesome forensic analysis tools and resources:

https://github.com/cugu/awesome-forensics

-258-Open-Redirect-Payloads:

https://github.com/cujanovic/Open-Redirect-Payloads

-259-A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.:

https://github.com/Cyb3rWard0g/ThreatHunter-Playbook

-260-Windows memory hacking library:

https://github.com/DarthTon/Blackbone

-261-A collective list of public JSON APIs for use in security.:

https://github.com/deralexxx/security-apis

-262-An authoritative list of awesome devsecops tools with the help from community experiments and contributions.:

https://github.com/devsecops/awesome-devsecops

-263-List of Awesome Hacking places, organised by Country and City, listing if it features power and wifi:

https://github.com/diasdavid/awesome-hacking-spots

-264-A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups:

https://github.com/djadmin/awesome-bug-bounty

-265-Notes for taking the OSCP in 2097:

https://github.com/dostoevskylabs/dostoevsky-pentest-notes

-266-A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom:

https://github.com/enddo/awesome-windows-exploitation

-267-A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development:

https://github.com/FabioBaroni/awesome-exploit-development

-268-A curated list of awesome reversing resources:

https://github.com/fdivrp/awesome-reversing

-269-Git All the Payloads! A collection of web attack payloads:

https://github.com/foospidy/payloads

-270-GitHub Project Resource List:

https://github.com/FuzzySecurity/Resource-List

-271-Use your macOS terminal shell to do awesome things.:

https://github.com/herrbischoff/awesome-macos-command-line

-272-Defeating Windows User Account Control:

https://github.com/hfiref0x/UACME

-273-Free Security and Hacking eBooks:

https://github.com/Hack-with-Github/Free-Security-eBooks

-274-Universal Radio Hacker: investigate wireless protocols like a boss:

https://github.com/jopohl/urh

-275-A curated list of movies every hacker & cyberpunk must watch:

https://github.com/k4m4/movies-for-hackers

-276-Various public documents, whitepapers and articles about APT campaigns:

https://github.com/kbandla/APTnotes

-277-A database of common, interesting or useful commands, in one handy referable form:

https://github.com/leostat/rtfm

-278-A curated list of tools for incident response:

https://github.com/meirwah/awesome-incident-response

-279-A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys:

https://github.com/meitar/awesome-lockpicking

-280-A curated list of static analysis tools, linters and code quality checkers for various programming languages:

https://github.com/mre/awesome-static-analysis

-281-A Collection of Hacks in IoT Space so that we can address them (hopefully):

https://github.com/nebgnahz/awesome-iot-hacks

-281-A Course on Intermediate Level Linux Exploitation:

https://github.com/nnamon/linux-exploitation-course

-282-Kali Linux Cheat Sheet for Penetration Testers:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-283-A curated list of awesome infosec courses and training resources.:

https://github.com/onlurking/awesome-infosec

-284-A curated list of resources for learning about application security:

https://github.com/paragonie/awesome-appsec

-285-an awesome list of honeypot resources:

https://github.com/paralax/awesome-honeypots

286-GitHub Enterprise SQL Injection:

https://www.blogger.com/share-post.g?blogID=2987759532072489303&postID=6980097238231152493

-287-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis:

https://github.com/secfigo/Awesome-Fuzzing

-288-PHP htaccess injection cheat sheet:

https://github.com/sektioneins/pcc/wiki

-289-A curated list of the awesome resources about the Vulnerability Research:

https://github.com/sergey-pronin/Awesome-Vulnerability-Research

-290-A list of useful payloads and bypass for Web Application Security and Pentest/CTF:

https://github.com/swisskyrepo/PayloadsAllTheThings

-291-A collection of Red Team focused tools, scripts, and notes:

https://github.com/threatexpress/red-team-scripts

-292-Awesome XSS stuff:

https://github.com/UltimateHackers/AwesomeXSS

-293-A collection of hacking / penetration testing resources to make you better!:

https://github.com/vitalysim/Awesome-Hacking-Resources

-294-Docker Cheat Sheet:

https://github.com/wsargent/docker-cheat-sheet

-295-Decrypted content of eqgrp-auction-file.tar.xz:

https://github.com/x0rz/EQGRP

-296-A bunch of links related to Linux kernel exploitation:

https://github.com/xairy/linux-kernel-exploitation

-297-Penetration Testing 102 - Windows Privilege Escalation Cheatsheet:

www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet

-298-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-299-Windows Privilege Escalation Methods for Pentesters:

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

-300-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:

-301-Reading Your Way Around UAC (Part 1):

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html

-302--Reading Your Way Around UAC (Part 2):

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html

-303-Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2):

https://stealingthe.network/executing-metasploit-empire-payloads-from-ms-office-document-properties-part-2-of-2/

-304-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:

https://medium.com/p/29d034c27978

-304-Automating Cobalt Strike,Aggressor Collection Scripts:

https://github.com/bluscreenofjeff/AggressorScripts

https://github.com/harleyQu1nn/AggressorScripts

-305-Vi Cheat Sheet:

https://highon.coffee/blog/vi-cheat-sheet/

-306-Network Recon Cheat Sheet:

https://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/

-307-LFI Cheat Sheet:

https://highon.coffee/blog/lfi-cheat-sheet/

-308-Systemd Cheat Sheet:

https://highon.coffee/blog/systemd-cheat-sheet/

-309-Aircrack-ng Cheatsheet:

https://securityonline.info/aircrack-ng-cheatsheet/

-310-Kali Linux Cheat Sheet for Penetration Testers:

https://www.blackmoreops.com/?p=7212

-311-Wifi Pentesting Command Cheatsheet:

https://randomkeystrokes.com/2016/07/01/wifi-pentesting-cheatsheet/

-312-Android Testing Environment Cheatsheet (Part 1):

https://randomkeystrokes.com/2016/10/17/android-testing-environment-cheatsheet/

-313-cheatsheet:

https://randomkeystrokes.com/category/cheatsheet/

-314-Reverse Shell Cheat Sheet:

https://highon.coffee/blog/reverse-shell-cheat-sheet/

-315-Linux Commands Cheat Sheet:

https://highon.coffee/blog/linux-commands-cheat-sheet/

-316-Linux Privilege Escalation using Sudo Rights:

http://www.hackingarticles.in/linux-privilege-escalation-using-exploiting-sudo-rights

-317-Linux Privilege Escalation using Misconfigured NFS:

http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/

-318-Linux Privilege Escalation by Exploiting Cronjobs:

http://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/

-319-Web Penetration Testing:

http://www.hackingarticles.in/web-penetration-testing/

-320-Webshell to Meterpreter:

http://www.hackingarticles.in/webshell-to-meterpreter

-321-WordPress Penetration Testing using WPScan & Metasploit:

http://www.hackingarticles.in/wordpress-penetration-testing-using-wpscan-metasploit

-322-XSS Exploitation in DVWA (Bypass All Security):

http://www.hackingarticles.in/xss-exploitation-dvwa-bypass-security

-323-Linux Privilege Escalation Using PATH Variable:

http://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/

-324-VNC tunneling over SSH:

http://www.hackingarticles.in/vnc-tunneling-ssh

-325-VNC Pivoting through Meterpreter:

http://www.hackingarticles.in/vnc-pivoting-meterpreter

-326-Week of Evading Microsoft ATA - Announcement and Day 1:

https://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day1.html

-327-Abusing DNSAdmins privilege for escalation in Active Directory:

https://www.labofapenetrationtester.com/2017/05/abusing-dnsadmins-privilege-for-escalation-in-active-directory.html

-328-Using SQL Server for attacking a Forest Trust:

https://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html

-329-Empire :

http://www.harmj0y.net/blog/category/empire/

-330-8 Deadly Commands You Should Never Run on Linux:

https://www.howtogeek.com/125157/8-deadly-commands-you-should-never-run-on-linux/

-331-External C2 framework for Cobalt Strike:

https://www.insomniacsecurity.com/2018/01/11/externalc2.html

-332-How to use Public IP on Kali Linux:

http://www.hackingarticles.in/use-public-ip-kali-linux

-333-Bypass Admin access through guest Account in windows 10:

http://www.hackingarticles.in/bypass-admin-access-guest-account-windows-10

-334-Bypass Firewall Restrictions with Metasploit (reverse_tcp_allports):

http://www.hackingarticles.in/bypass-firewall-restrictions-metasploit-reverse_tcp_allports

-335-Bypass SSH Restriction by Port Relay:

http://www.hackingarticles.in/bypass-ssh-restriction-by-port-relay

-336-Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key):

http://www.hackingarticles.in/bypass-uac-protection-remote-windows-10-pc-via-fodhelper-registry-key

-337-Bypass UAC in Windows 10 using bypass_comhijack Exploit:

http://www.hackingarticles.in/bypass-uac-windows-10-using-bypass_comhijack-exploit

-338-Bind Payload using SFX archive with Trojanizer:

http://www.hackingarticles.in/bind-payload-using-sfx-archive-trojanizer

-339-Capture NTLM Hashes using PDF (Bad-Pdf):

http://www.hackingarticles.in/capture-ntlm-hashes-using-pdf-bad-pdf

-340-Best of Post Exploitation Exploits & Tricks:

http://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks/

-341-Detect SQL Injection Attack using Snort IDS:

http://www.hackingarticles.in/detect-sql-injection-attack-using-snort-ids/

-342-Beginner Guide to Website Footprinting:

http://www.hackingarticles.in/beginner-guide-website-footprinting/

-343-How to Enable and Monitor Firewall Log in Windows PC:

http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/

-344-Wifi Post Exploitation on Remote PC:

http://www.hackingarticles.in/wifi-post-exploitation-remote-pc/

-335-Check Meltdown Vulnerability in CPU:

http://www.hackingarticles.in/check-meltdown-vulnerability-cpu

-336-XXE:

https://phonexicum.github.io/infosec/xxe.html

-337-[XSS] Re ected XSS Bypass Filter:

https://medium.com/p/de41d35239a3

-338-Engagement Tools Tutorial in Burp suite:

http://www.hackingarticles.in/engagement-tools-tutorial-burp-suite

-339-Wiping Out CSRF:

https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f

-340-First entry: Welcome and fileless UAC bypass:

https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/

-341-Writing a Custom Shellcode Encoder:

https://medium.com/p/31816e767611

-342-Security Harden CentOS 7 :

https://highon.coffee/blog/security-harden-centos-7/

-343-THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS:

https://www.paulosyibelo.com/2018/06/the-big-bad-wolf-xss-and-maintaining.html

-344-MySQL:

https://websec.ca/kb/CHANGELOG.txt

-345-Deobfuscation of VM based software protection:

http://shell-storm.org/talks/SSTIC2017_Deobfuscation_of_VM_based_software_protection.pdf

-346-Online Assembler and Disassembler:

http://shell-storm.org/online/Online-Assembler-and-Disassembler/

-347-Shellcodes database for study cases:

http://shell-storm.org/shellcode/

-348-Dynamic Binary Analysis and Obfuscated Codes:

http://shell-storm.org/talks/sthack2016-rthomas-jsalwan.pdf

-349-How Triton may help to analyse obfuscated binaries:

http://triton.quarkslab.com/files/misc82-triton.pdf

-350-Triton: A Concolic Execution Framework:

http://shell-storm.org/talks/SSTIC2015_English_slide_detailed_version_Triton_Concolic_Execution_FrameWork_FSaudel_JSalwan.pdf

-351-Automatic deobfuscation of the Tigress binary protection using symbolic execution and LLVM:

https://github.com/JonathanSalwan/Tigress_protection

-352-What kind of semantics information Triton can provide?:

http://triton.quarkslab.com/blog/What-kind-of-semantics-information-Triton-can-provide/

-353-Code coverage using a dynamic symbolic execution:

http://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/

-354-Triton (concolic execution framework) under the hood:

http://triton.quarkslab.com/blog/first-approach-with-the-framework/

-355-- Stack and heap overflow detection at runtime via behavior analysis and Pin:

http://shell-storm.org/blog/Stack-and-heap-overflow-detection-at-runtime-via-behavior-analysis-and-PIN/

-356-Binary analysis: Concolic execution with Pin and z3:

http://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/

-357-In-Memory fuzzing with Pin:

http://shell-storm.org/blog/In-Memory-fuzzing-with-Pin/

-358-Hackover 2015 r150 (outdated solving for Triton use cases):

https://github.com/JonathanSalwan/Triton/blob/master/src/examples/python/ctf-writeups/hackover-ctf-2015-r150/solve.py

-359-Skip sh – Web Application Security Scanner for XSS, SQL Injection, Shell injection:

https://gbhackers.com/skipfish-web-application-security-scanner

-360-Sublist3r – Tool for Penetration testers to Enumerate Sub-domains:

https://gbhackers.com/sublist3r-penetration-testers

-361-bypassing application whitelisting with bginfo:

https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/

-362-accessing-clipboard-from-the-lock-screen-in-windows-10:

https://oddvar.moe/2017/01/24/accessing-clipboard-from-the-lock-screen-in-windows-10/

-363-bypassing-device-guard-umci-using-chm-cve-2017-8625:

https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/

-364-defense-in-depth-writeup:

https://oddvar.moe/2017/09/13/defense-in-depth-writeup/

-365-applocker-case-study-how-insecure-is-it-really-part-1:

https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/

-366-empires-cross-platform-office-macro:

https://www.blackhillsinfosec.com/empires-cross-platform-office-macro/

-367-recon tools:

https://blackarch.org/recon.html

-368-Black Hat 2018 tools list:

https://medium.com/p/991fa38901da

-369-Application Introspection & Hooking With Frida:

https://www.fuzzysecurity.com/tutorials/29.html

-370-And I did OSCP!:

https://medium.com/p/589babbfea19

-371-CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests:

https://arnaucube.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html

-372-Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security Professionals:

https://gbhackers.com/threat-intelligence-tools

-373-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:

https://techincidents.com/penetration-testing-cheat-sheet/

-374-privilege escalation:

https://toshellandback.com/category/privilege-escalation/

-375-The Complete List of Windows Post-Exploitation Commands (No Powershell):

https://medium.com/p/999b5433b61e

-376-The Art of Subdomain Enumeration:

https://blog.sweepatic.com/tag/subdomain-enumeration/

-377-The Principles of a Subdomain Takeover:

https://blog.sweepatic.com/subdomain-takeover-principles/

-378-The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!:

https://medium.com/p/b250fb40af82

-379-The Solution for Web for Pentester-I:

https://medium.com/p/4c21b3ae9673

-380-The Ultimate Penetration Testing Command Cheat Sheet for Linux:

https://www.hackingloops.com/command-cheat-sheet-for-linux/

-381-: Ethical Hacking, Hack Tools, Hacking Tricks, Information Gathering, Penetration Testing, Recommended:

https://www.hackingloops.com/hacking-tricks/

-383-Introduction to Exploitation, Part 1: Introducing Concepts and Terminology:

https://www.hackingloops.com/exploitation-terminology/

-384-How Hackers Kick Victims Off of Wireless Networks:

https://www.hackingloops.com/kick-victims-off-of-wireless-networks/

-385-Maintaining Access Part 1: Introduction and Metasploit Example:

https://www.hackingloops.com/maintaining-access-metasploit/

-386-How to Steal Windows Credentials with Mimikatz and Metasploit:

https://www.hackingloops.com/mimikatz/

-387-Evading Anti-virus Part 2: Obfuscating Payloads with Msfvenom:

https://www.hackingloops.com/msfvenom/

-388-Evading Anti-virus Part 1: Infecting EXEs with Shellter:

https://www.hackingloops.com/evading-anti-virus-shellter/

-389-Mobile Hacking Part 4: Fetching Payloads via USB Rubber Ducky:

https://www.hackingloops.com/payloads-via-usb-rubber-ducky/

-390-Ethical Hacking Practice Test 6 – Footprinting Fundamentals Level1:

https://www.hackingloops.com/ethical-hacking-practice-test-6-footprinting-fundamentals-level1/

-391-Skip Cracking Responder Hashes and Relay Them:

https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/

-392-Cracking NTLMv1 Handshakes with Crack.sh:

http://threat.tevora.com/quick-tip-crack-ntlmv1-handshakes-with-crack-sh/

-393-Top 3 Anti-Forensic OpSec Tips for Linux & A New Dead Man’s Switch:

https://medium.com/p/d5e92843e64a

-394-VNC Penetration Testing (Port 5901):

http://www.hackingarticles.in/vnc-penetration-testing

-395-Windows Privilege Escalation:

http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation

-396-Removing Sender’s IP Address From Email’s Received: From Header:

https://www.devside.net/wamp-server/removing-senders-ip-address-from-emails-received-from-header

-397-Dump Cleartext Password in Linux PC using MimiPenguin:

http://www.hackingarticles.in/dump-cleartext-password-linux-pc-using-mimipenguin

-398-Embedded Backdoor with Image using FakeImageExploiter:

http://www.hackingarticles.in/embedded-backdoor-image-using-fakeimageexploiter

-399-Exploit Command Injection Vulnearbility with Commix and Netcat:

http://www.hackingarticles.in/exploit-command-injection-vulnearbility-commix-netcat

-400-Exploiting Form Based Sql Injection using Sqlmap:

http://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap

-401-Beginner Guide to impacket Tool kit:

http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit

-402-Best of Post Exploitation Exploits & Tricks:

http://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks

-403-Command Injection to Meterpreter using Commix:

http://www.hackingarticles.in/command-injection-meterpreter-using-commix

-404-Comprehensive Guide to Crunch Tool:

http://www.hackingarticles.in/comprehensive-guide-to-crunch-tool

-405-Compressive Guide to File Transfer (Post Exploitation):

http://www.hackingarticles.in/compressive-guide-to-file-transfer-post-exploitation

-406-Crack Wifi Password using Aircrack-Ng (Beginner’s Guide):

http://www.hackingarticles.in/crack-wifi-password-using-aircrack-ng

-407-How to Detect Meterpreter in Your PC:

http://www.hackingarticles.in/detect-meterpreter-pc

-408-Easy way to Hack Database using Wizard switch in Sqlmap:

http://www.hackingarticles.in/easy-way-hack-database-using-wizard-switch-sqlmap

-409-Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn):

http://www.hackingarticles.in/exploiting-webserver-using-sqlmap-metasploit-os-pwn

-410-Create SSL Certified Meterpreter Payload using MPM:

http://www.hackingarticles.in/exploit-remote-pc-ssl-certified-meterpreter-payload-using-mpm

-411-Port forwarding: A practical hands-on guide:

https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide

-412-Exploit Dev 101: Jumping to Shellcode:

https://www.abatchy.com/2017/05/jumping-to-shellcode.html

-413-Introduction to Manual Backdooring:

https://www.abatchy.com/2017/05/introduction-to-manual-backdooring_24.html

-414-Kernel Exploitation:

https://www.abatchy.com/2018/01/kernel-exploitation-1

-415-Exploit Dev 101: Bypassing ASLR on Windows:

https://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html

-416-Shellcode reduction tips (x86):

https://www.abatchy.com/2017/04/shellcode-reduction-tips-x86

-417-OSCE Study Plan:

https://www.abatchy.com/2017/03/osce-study-plan

-418-[DefCamp CTF Qualification 2017] Don't net, kids! (Revexp 400):

https://www.abatchy.com/2017/10/defcamp-dotnot

-419-DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE:

https://www.ambionics.io/

-420-SQL VULNERABLE WEBSITES LIST 2017 [APPROX 2500 FRESH SQL VULNERABLE SITES]:

https://www.cityofhackerz.com/sql-vulnerable-websites-list-2017

-421-Windows IR Live Forensics Cheat Sheet:

https://www.cheatography.com/tag/forensics/

-422-windows-kernel-logic-bug-class-access:

https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html

-423-injecting-code-into-windows-protected:

https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html

-424-USING THE DDE ATTACK WITH POWERSHELL EMPIRE:

https://1337red.wordpress.com/using-the-dde-attack-with-powershell-empire

-425-Automated Derivative Administrator Search:

https://wald0.com/?p=14

-426-A Red Teamer’s Guide to GPOs and OUs:

https://wald0.com/?p=179

-427-Pen Testing and Active Directory, Part VI: The Final Case:

https://blog.varonis.com/pen-testing-active-directory-part-vi-final-case/

-428-Offensive Tools and Techniques:

https://www.sec.uno/2017/03/01/offensive-tools-and-techniques/

-429-Three penetration testing tips to out-hack hackers:

http://infosechotspot.com/three-penetration-testing-tips-to-out-hack-hackers-betanews/

-430-Introducing BloodHound:

https://wald0.com/?p=68

-431-Red + Blue = Purple:

http://www.blackhillsinfosec.com/?p=5368

-432-Active Directory Access Control List – Attacks and Defense – Enterprise Mobility and Security Blog:

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/

-433-PrivEsc: Unquoted Service Path:

https://www.gracefulsecurity.com/privesc-unquoted-service-path/

-434-PrivEsc: Insecure Service Permissions:

https://www.gracefulsecurity.com/privesc-insecure-service-permissions/

-435-PrivEsc: DLL Hijacking:

https://www.gracefulsecurity.com/privesc-dll-hijacking/

-436-Android Reverse Engineering 101 – Part 1:

http://www.fasteque.com/android-reverse-engineering-101-part-1/

-437-Luckystrike: An Evil Office Document Generator:

https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator

-438-the-number-one-pentesting-tool-youre-not-using:

https://www.shellntel.com/blog/2016/8/3/the-number-one-pentesting-tool-youre-not-using

-439-uac-bypass:

http://www.securitynewspaper.com/tag/uac-bypass/

-440-XSSer – Automated Framework Tool to Detect and Exploit XSS vulnerabilities:

https://gbhackers.com/xsser-automated-framework-detectexploit-report-xss-vulnerabilities

-441-Penetration Testing on X11 Server:

http://www.hackingarticles.in/penetration-testing-on-x11-server

-442-Always Install Elevated:

https://pentestlab.blog/2017/02/28/always-install-elevated

-443-Scanning for Active Directory Privileges & Privileged Accounts:

https://adsecurity.org/?p=3658

-444-Windows Server 2016 Active Directory Features:

https://adsecurity.org/?p=3646

-445-powershell:

https://adsecurity.org/?tag=powershell

-446-PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection:

https://adsecurity.org/?p=2921

-447-DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack:

https://adsecurity.org/?p=3214

-448-Real-World Example of How Active Directory Can Be Compromised (RSA Conference Presentation):

https://adsecurity.org/?p=2085

-449-Advanced ATM Penetration Testing Methods:

https://gbhackers.com/advanced-atm-penetration-testing-methods

-450-Background: Microsoft Ofice Exploitation:

https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/

-451-Automated XSS Finder:

https://medium.com/p/4236ed1c6457

-452-Application whitelist bypass using XLL and embedded shellcode:

https://rileykidd.com/.../application-whitelist-bypass-using-XLL-and-embedded-shellc

-453-AppLocker Bypass – Regsvr32:

https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32

-454-Nmap Scans using Hex Value of Flags:

http://www.hackingarticles.in/nmap-scans-using-hex-value-flags

-455-Nmap Scan with Timing Parameters:

http://www.hackingarticles.in/nmap-scan-with-timing-parameters

-456-OpenSSH User Enumeration Time- Based Attack with Osueta:

http://www.hackingarticles.in/openssh-user-enumeration-time-based-attack-osueta

-457-Penetration Testing:

http://www.hackingarticles.in/web-penetration-testing/

-458-Penetration Testing on Remote Desktop (Port 3389):

http://www.hackingarticles.in/penetration-testing-remote-desktop-port-3389

-459-Penetration Testing on Telnet (Port 23):

http://www.hackingarticles.in/penetration-testing-telnet-port-23

-460-Penetration Testing in Windows/Active Directory with Crackmapexec:

http://www.hackingarticles.in/penetration-testing-windowsactive-directory-crackmapexec

-461-Penetration Testing in WordPress Website using WordPress Exploit Framework:

http://www.hackingarticles.in/penetration-testing-wordpress-website-using-wordpress-exploit-framework

-462-Port Scanning using Metasploit with IPTables:

http://www.hackingarticles.in/port-scanning-using-metasploit-iptables

-463-Post Exploitation Using WMIC (System Command):

http://www.hackingarticles.in/post-exploitation-using-wmic-system-command

-464-Privilege Escalation in Linux using etc/passwd file:

http://www.hackingarticles.in/privilege-escalation-in-linux-using-etc-passwd-file

-465-RDP Pivoting with Metasploit:

http://www.hackingarticles.in/rdp-pivoting-metasploit

-466-A New Way to Hack Remote PC using Xerosploit and Metasploit:

http://www.hackingarticles.in/new-way-hack-remote-pc-using-xerosploit-metasploit

-467-Shell to Meterpreter using Session Command:

http://www.hackingarticles.in/shell-meterpreter-using-session-command

-468-SMTP Pentest Lab Setup in Ubuntu (Port 25):

http://www.hackingarticles.in/smtp-pentest-lab-setup-ubuntu

-469-SNMP Lab Setup and Penetration Testing:

http://www.hackingarticles.in/snmp-lab-setup-and-penetration-testing

-470-SQL Injection Exploitation in Multiple Targets using Sqlmap:

http://www.hackingarticles.in/sql-injection-exploitation-multiple-targets-using-sqlmap

-471-Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin):

http://www.hackingarticles.in/sql-injection-exploitation-sqlmap-burp-suite-burp-co2-plugin

-472-SSH Penetration Testing (Port 22):

http://www.hackingarticles.in/ssh-penetration-testing-port-22

-473-Manual Post Exploitation on Windows PC (System Command):

http://www.hackingarticles.in/manual-post-exploitation-windows-pc-system-command

-474-SSH Pivoting using Meterpreter:

http://www.hackingarticles.in/ssh-pivoting-using-meterpreter

-475-Stealing Windows Credentials of Remote PC with MS Office Document:

http://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document

-476-Telnet Pivoting through Meterpreter:

http://www.hackingarticles.in/telnet-pivoting-meterpreter

-477-Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin):

http://www.hackingarticles.in/hack-password-using-rogue-wi-fi-access-point-attack-wifi-pumpkin

-478-Hack Remote PC using Fake Updates Scam with Ettercap and Metasploit:

http://www.hackingarticles.in/hack-remote-pc-using-fake-updates-scam-with-ettercap-and-metasploit

-479-Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit:

http://www.hackingarticles.in/hack-remote-windows-10-password-plain-text-using-wdigest-credential-caching-exploit

-480-Hack Remote Windows 10 PC using TheFatRat:

http://www.hackingarticles.in/hack-remote-windows-10-pc-using-thefatrat

-481-2 Ways to Hack Windows 10 Password Easy Way:

http://www.hackingarticles.in/hack-windows-10-password-easy-way

-482-How to Change ALL Files Extension in Remote PC (Confuse File Extensions Attack):

http://www.hackingarticles.in/how-to-change-all-files-extension-in-remote-pc-confuse-file-extensions-attack

-483-How to Delete ALL Files in Remote Windows PC:

http://www.hackingarticles.in/how-to-delete-all-files-in-remote-windows-pc-2

-484-How to Encrypt Drive of Remote Victim PC:

http://www.hackingarticles.in/how-to-encrypt-drive-of-remote-victim-pc

-485-Post Exploitation in Linux With Metasploit:

https://pentestlab.blog/2013/01/04/post-exploitation-in-linux-with-metasploit

-486-Red Team:

https://posts.specterops.io/tagged/red-team?source=post

-487-Code Signing Certi cate Cloning Attacks and Defenses:

https://posts.specterops.io/tagged/code-signing?source=post

-488-Phishing:

https://posts.specterops.io/tagged/phishing?source=post

-489-PowerPick – A ClickOnce Adjunct:

http://www.sixdub.net/?p=555

-490-sql-injection-xss-playground:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground

-491-Privilege Escalation & Post-Exploitation:

https://github.com/rmusser01/Infosec_Reference/raw/master/Draft/Privilege%20Escalation%20%26%20Post-Exploitation.md

-492-https-payload-and-c2-redirectors:

https://posts.specterops.io/https-payload-and-c2-redirectors-ff8eb6f87742?source=placement_card_footer_grid---------2-41

-493-a-push-toward-transparency:

https://posts.specterops.io/a-push-toward-transparency-c385a0dd1e34?source=placement_card_footer_grid---------0-41

-494-bloodhound:

https://posts.specterops.io/tagged/bloodhound?source=post

-495-active directory:

https://posts.specterops.io/tagged/active-directory?source=post

-496-Load & Execute Bundles with migrationTool:

https://posts.specterops.io/load-execute-bundles-with-migrationtool-f952e276e1a6?source=placement_card_footer_grid---------1-41

-497-Outlook Forms and Shells:

https://sensepost.com/blog/2017/outlook-forms-and-shells/

-498-Tools:

https://sensepost.com/blog/tools/

-499-2018 pentesting resources:

https://sensepost.com/blog/2018/

-500-network pentest:

https://securityonline.info/category/penetration-testing/network-pentest/

-501-[technical] Pen-testing resources:

https://medium.com/p/cd01de9036ad

-502-Stored XSS on Facebook:

https://opnsec.com/2018/03/stored-xss-on-facebook/

-503-vulnerabilities:

https://www.brokenbrowser.com/category/vulnerabilities/

-504-Extending BloodHound: Track and Visualize Your Compromise:

https://porterhau5.com/.../extending-bloodhound-track-and-visualize-your-compromise

-505-so-you-want-to-be-a-web-security-researcher:

https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher

-506-BugBounty — AWS S3 added to my “Bucket” list!:

https://medium.com/p/f68dd7d0d1ce

-507-BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company:

https://medium.com/p/c75967392c7e

-508-BugBounty — Exploiting CRLF Injection can lands into a nice bounty:

https://medium.com/p/159525a9cb62

-509-BugBounty — How I was able to bypass rewall to get RCE and then went from server shell to get root user account:

https://medium.com/p/783f71131b94

-510-BugBounty — “I don’t need your current password to login into youraccount” - How could I completely takeover any user’s account in an online classi ed ads company:

https://medium.com/p/e51a945b083d

-511-Ping Power — ICMP Tunnel:

https://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea?source=placement_card_footer_grid---------1-41

-512-hacking:

https://www.nextleveltricks.com/hacking/

-513-Top 8 Best YouTube Channels To Learn Ethical Hacking Online !:

https://www.nextleveltricks.com/youtube-channels-to-learn-hacking/

-514-Google Dorks List 2018 | Fresh Google Dorks 2018 for SQLi:

https://www.nextleveltricks.com/latest-google-dorks-list/

-515-Art of Shellcoding: Basic AES Shellcode Crypter:

http://www.nipunjaswal.com/2018/02/shellcode-crypter.html

-516-Big List Of Google Dorks Hacking:

https://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking/

-517-nmap-cheatsheet:

https://bitrot.sh/cheatsheet/09-12-2017-nmap-cheatsheet/

-518-Aws Recon:

https://enciphers.com/tag/aws-recon/

-519-Recon:

https://enciphers.com/tag/recon/

-520-Subdomain Enumeration:

https://enciphers.com/tag/subdomain-enumeration/

-521-Shodan:

https://enciphers.com/tag/shodan/

-522-Dump LAPS passwords with ldapsearch:

https://malicious.link/post/2017/dump-laps-passwords-with-ldapsearch/

-523-peepdf - PDF Analysis Tool:

http://eternal-todo.com/tools/peepdf-pdf-analysis-tool

-524-Evilginx 2 - Next Generation of Phishing 2FA Tokens:

breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/

-526-Evil XML with two encodings:

https://mohemiv.com/all/evil-xml/

-527-create-word-macros-with-powershell:

https://4sysops.com/archives/create-word-macros-with-powershell/

-528-Excess XSS A comprehensive tutorial on cross-site scripting:

https://excess-xss.com/

-529-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:

https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/

-530-Abusing DCOM For Yet Another Lateral Movement Technique:

https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/

-531-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:

https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/

-532-Abusing DCOM For Yet Another Lateral Movement Technique:

https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/

-533-“Practical recon techniques for bug hunters & pen testers”:

https://blog.appsecco.com/practical-recon-techniques-for-bug-hunters-pen-testers-at-levelup-0x02-b72c15641972?source=placement_card_footer_grid---------2-41

-534-Exploiting Node.js deserialization bug for Remote Code Execution:

https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/

-535-Exploiting System Shield AntiVirus Arbitrary Write Vulnerability using SeTakeOwnershipPrivilege:

http://www.greyhathacker.net/?p=1006

-536-Running Macros via ActiveX Controls:

http://www.greyhathacker.net/?p=948

-537-all=BUG+MALWARE+EXPLOITS

http://www.greyhathacker.net/?cat=18

-538-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND:

https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking

-539-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:

https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

-540-A Look at CVE-2017-8715: Bypassing CVE-2017-0218 using PowerShell Module Manifests:

https://enigma0x3.net/2017/11/06/a-look-at-cve-2017-8715-bypassing-cve-2017-0218-using-powershell-module-manifests/

-541-“FILELESS” UAC BYPASS USING SDCLT.EXE:

https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe

-542-File Upload XSS:

https://medium.com/p/83ea55bb9a55

-543-Firebase Databases:

https://medium.com/p/f651a7d49045

-544-Safe Red Team Infrastructure:

https://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac

-545-RED-TEAM:

https://cybersyndicates.com/tags/red-team/

-546-Egressing Bluecoat with Cobaltstike & Let's Encrypt:

https://www.youtube.com/watch?v=cgwfjCmKQwM

-547-Veil-Evasion:

https://cybersyndicates.com/tags/veil-evasion/

-548-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:

http://thelearninghacking.com/create-virus-hack-windows/

-549-Download Google Dorks List 2019:

https://medium.com/p/323c8067502c

-550-Don’t leak sensitive data via security scanning tools:

https://medium.com/p/7d1f715f0486

-551-CRLF Injection Into PHP’s cURL Options:

https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545?source=placement_card_footer_grid---------0-60

-552-Open Redirects & Security Done Right!:

https://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496?source=placement_card_footer_grid---------2-60

-553-DOM XSS – auth.uber.com:

https://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html

-554-PowerPoint and Custom Actions:

https://cofense.com/powerpoint-and-custom-actions/

-555-exploiting-adobe-coldfusion:

https://codewhitesec.blogspot.com/2018/03/exploiting-adobe-coldfusion.html

-556-Command and Control – HTTPS:

https://pentestlab.blog/2017/10/04/command-and-control-https

-557-Command and Control – Images:

https://pentestlab.blog/2018/01/02/command-and-control-images

-558-Command and Control – JavaScript:

https://pentestlab.blog/2018/01/08/command-and-control-javascript

-559-XSS-Payloads:

https://github.com/Pgaijin66/XSS-Payloads

-560-Command and Control – Web Interface:

https://pentestlab.blog/2018/01/03/command-and-control-web-interface

-561-Command and Control – Website:

https://pentestlab.blog/2017/11/14/command-and-control-website

-562-Command and Control – WebSocket:

https://pentestlab.blog/2017/12/06/command-and-control-websocket

-563-atomic-red-team:

https://github.com/redcanaryco/atomic-red-team

-564-PowerView-3.0-tricks.ps1:

https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

-565-awesome-sec-talks:

https://github.com/PaulSec/awesome-sec-talks

-566-Awesome-Red-Teaming:

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

-567-awesome-php:

https://github.com/ziadoz/awesome-php

-568-latest-hacks:

https://hackercool.com/latest-hacks/

-569-GraphQL NoSQL Injection Through JSON Types:

http://www.east5th.co/blog/2017/06/12/graphql-nosql-injection-through-json-types/

-570-Writing .NET Executables for Pentesters:

https://www.peew.pw/blog/2017/12/4/writing-net-executables-for-penteters-part-2

-571-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

https://github.com/secfigo/Awesome-Fuzzing

-572-How to Shutdown, Restart, Logoff, and Hibernate Remote Windows PC:

http://www.hackingarticles.in/how-to-shutdown-restart-logoff-and-hibernate-remote-windows-pc

-572-Injecting Metasploit Payloads into Android Applications – Manually:

https://pentestlab.blog/2017/06/26/injecting-metasploit-payloads-into-android-applications-manually

-573-Google Dorks For Carding [Huge List] - Part 1:

https://hacker-arena.blogspot.com/2014/03/google-dorks-for-carding-huge-list-part.html

-574-Google dorks for growth hackers:

https://medium.com/p/7f83c8107057

-575-Google Dorks For Carding (HUGE LIST):

https://leetpedia.blogspot.com/2013/01/google-dorks-for-carding-huge-list.html

-576-BIGGEST SQL Injection Dorks List ~ 20K+ Dorks:

https://leetpedia.blogspot.com/2013/05/biggest-sql-injection-dorks-list-20k.html

-577-Pastebin Accounts Hacking (Facebook/Paypal/LR/Gmail/Yahoo, etc):

https://leetpedia.blogspot.com/2013/01/pastebin-accounts-hacking.html

-578-How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!:

http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html

-579-Hijacking VNC (Enum, Brute, Access and Crack):

https://medium.com/p/d3d18a4601cc

-580-Linux Post Exploitation Command List:

https://github.com/mubix/post-exploitation/wiki

-581-List of google dorks for sql injection:

https://deadlyhacker.wordpress.com/2013/05/09/list-of-google-dorks-for-sql-injection/

-582-Microsoft Office – NTLM Hashes via Frameset:

https://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset

-583-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:

https://www.exploit-db.com/download/44888.txt

-584-Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability:

https://www.securityfocus.com/bid/104407

-585-Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability:

https://www.securityfocus.com/bid/104382

-586-miSafes Mi-Cam Device Hijacking:

https://packetstormsecurity.com/files/146504/SA-20180221-0.txt

-587-Low-Level Windows API Access From PowerShell:

https://www.fuzzysecurity.com/tutorials/24.html

-588-Linux Kernel 'mm/hugetlb.c' Local Denial of Service Vulnerability:

https://www.securityfocus.com/bid/103316

-589-Lateral Movement – RDP:

https://pentestlab.blog/2018/04/24/lateral-movement-rdp/

-590-Snagging creds from locked machines:

https://malicious.link/post/2016/snagging-creds-from-locked-machines/

-591-Making a Blind SQL Injection a Little Less Blind:

https://medium.com/p/428dcb614ba8

-592-VulnHub — Kioptrix: Level 5:

https://medium.com/@bondo.mike/vulnhub-kioptrix-level-5-88ab65146d48?source=placement_card_footer_grid---------1-60

-593-Unauthenticated Account Takeover Through HTTP Leak:

https://medium.com/p/33386bb0ba0b

-594-Hakluke’s Ultimate OSCP Guide: Part 1 — Is OSCP for you?:

https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440?source=placement_card_footer_grid---------2-43

-595-Finding Target-relevant Domain Fronts:

https://medium.com/@vysec.private/finding-target-relevant-domain-fronts-7f4ad216c223?source=placement_card_footer_grid---------0-44

-596-Safe Red Team Infrastructure:

https://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac?source=placement_card_footer_grid---------1-60

-597-Cobalt Strike Visualizations:

https://medium.com/@001SPARTaN/cobalt-strike-visualizations-e6a6e841e16b?source=placement_card_footer_grid---------2-60

-598-OWASP Top 10 2017 — Web Application Security Risks:

https://medium.com/p/31f356491712

-599-XSS-Auditor — the protector of unprotected:

https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b?source=placement_card_footer_grid---------0-60

-600-Netcat vs Cryptcat – Remote Shell to Control Kali Linux from Windows machine:

https://gbhackers.com/netcat-vs-cryptcat

-601-Jenkins Servers Infected With Miner.:

https://medium.com/p/e370a900ab2e

-602-cheat-sheet:

http://pentestmonkey.net/category/cheat-sheet

-603-Command and Control – Website Keyword:

https://pentestlab.blog/2017/09/14/command-and-control-website-keyword/

-604-Command and Control – Twitter:

https://pentestlab.blog/2017/09/26/command-and-control-twitter/

-605-Command and Control – Windows COM:

https://pentestlab.blog/2017/09/01/command-and-control-windows-com/

-606-Microsoft Office – NTLM Hashes via Frameset:

https://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset/

-607-PHISHING AGAINST PROTECTED VIEW:

https://enigma0x3.net/2017/07/13/phishing-against-protected-view/

-608-PHISHING WITH EMPIRE:

https://enigma0x3.net/2016/03/15/phishing-with-empire/

-609-Reverse Engineering Android Applications:

https://pentestlab.blog/2017/02/06/reverse-engineering-android-applications/

-610-HTML Injection:

https://pentestlab.blog/2013/06/26/html-injection/

-611-Meterpreter stage AV/IDS evasion with powershell:

https://arno0x0x.wordpress.com/2016/04/13/meterpreter-av-ids-evasion-powershell/

-612-Windows Atomic Tests by ATT&CK Tactic & Technique:

https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/windows-index.md

-613-Windows Active Directory Post Exploitation Cheatsheet:

https://medium.com/p/48c2bd70388

-614-Windows 10 UAC Loophole Can Be Used to Infect Systems with Malware:

http://news.softpedia.com/news/windows-10-uac-loophole-can-be-used-to-infect-systems-with-malware-513996.shtml

-615-How to Bypass Anti-Virus to Run Mimikatz:

https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/

-616-Userland API Monitoring and Code Injection Detection:

https://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565

-617-USE TOR. USE EMPIRE.:

http://secureallthethings.blogspot.com/2016/11/use-tor-use-empire.html

-617-ADVANCED CROSS SITE SCRIPTING (XSS) CHEAT SHEET:

https://www.muhaddis.info/advanced-cross-site-scripting-xss-cheat-sheet/

-618-Empire without PowerShell.exe:

https://bneg.io/2017/07/26/empire-without-powershell-exe/

-619-RED TEAM:

https://bneg.io/category/red-team/

-620-PDF Tools:

https://blog.didierstevens.com/programs/pdf-tools/

-621-DNS Data ex ltration — What is this and How to use?

https://blog.fosec.vn/dns-data-exfiltration-what-is-this-and-how-to-use-2f6c69998822

-621-Google Dorks:

https://medium.com/p/7cfd432e0cf3

-622-Hacking with JSP Shells:

https://blog.netspi.com/hacking-with-jsp-shells/

-623-Malware Analysis:

https://github.com/RPISEC/Malware/raw/master/README.md

-624-A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.:

https://github.com/SandySekharan/CTF-tool

-625-Group Policy Preferences:

https://pentestlab.blog/2017/03/20/group-policy-preferences

-627-CHECKING FOR MALICIOUSNESS IN AC OFORM OBJECTS ON PDF FILES:

https://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files

-628-deobfuscation:

https://furoner.wordpress.com/tag/deobfuscation/

-629-POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE MACRO AND EVADING AVS:

https://fzuckerman.wordpress.com/2016/10/06/powershell-empire-stagers-1-phishing-with-an-office-macro-and-evading-avs/

-630-A COMPREHENSIVE TUTORIAL ON CROSS-SITE SCRIPTING:

https://fzuckerman.wordpress.com/2016/10/06/a-comprehensive-tutorial-on-cross-site-scripting/

-631-GCAT – BACKDOOR EM PYTHON:

https://fzuckerman.wordpress.com/2016/10/06/gcat-backdoor-em-python/

-632-Latest Carding Dorks List for Sql njection 2019:

https://latestechnews.com/carding-dorks/

-633-google docs for credit card:

https://latestechnews.com/tag/google-docs-for-credit-card/

-634-How To Scan Multiple Organizations With Shodan and Golang (OSINT):

https://medium.com/p/d994ba6a9587

-635-How to Evade Application Whitelisting Using REGSVR32:

https://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/

-636-phishing:

https://www.blackhillsinfosec.com/tag/phishing/

-637-Merlin in action: Intro to Merlin:

https://asciinema.org/a/ryljo8qNjHz1JFcFDK7wP6e9I

-638-IP Cams from around the world:

https://medium.com/p/a6f269f56805

-639-Advanced Cross Site Scripting(XSS) Cheat Sheet by Jaydeep Dabhi:

https://jaydeepdabhi.wordpress.com/2016/01/12/advanced-cross-site-scriptingxss-cheat-sheet-by-jaydeep-dabhi/

-640-Just how easy it is to do a domain or subdomain take over!?:

https://medium.com/p/265d635b43d8

-641-How to Create hidden user in Remote PC:

http://www.hackingarticles.in/create-hidden-remote-metaspolit

-642-Process Doppelgänging – a new way to impersonate a process:

https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/

-643-How to turn a DLL into astandalone EXE:

https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/

-644-Hijacking extensions handlers as a malware persistence method:

https://hshrzd.wordpress.com/2017/05/25/hijacking-extensions-handlers-as-a-malware-persistence-method/

-645-I'll Get Your Credentials ... Later!:

https://www.fuzzysecurity.com/tutorials/18.html

-646-Game Over: CanYouPwnMe > Kevgir-1:

https://www.fuzzysecurity.com/tutorials/26.html

-647-IKARUS anti.virus and its 9 exploitable kernel vulnerabilities:

http://www.greyhathacker.net/?p=995

-648-Getting started in Bug Bounty:

https://medium.com/p/7052da28445a

-649-Union SQLi Challenges (Zixem Write-up):

https://medium.com/ctf-writeups/union-sqli-challenges-zixem-write-up-4e74ad4e88b4?source=placement_card_footer_grid---------2-60

-650-scanless – A Tool for Perform Anonymous Port Scan on Target Websites:

https://gbhackers.com/scanless-port-scans-websites-behalf

-651-WEBAPP PENTEST:

https://securityonline.info/category/penetration-testing/webapp-pentest/

-652-Cross-Site Scripting (XSS) Payloads:

https://securityonline.info/tag/cross-site-scripting-xss-payloads/

-653-sg1: swiss army knife for data encryption, exfiltration & covert communication:

https://securityonline.info/tag/sg1/

-654-NETWORK PENTEST:

https://securityonline.info/category/penetration-testing/network-pentest/

-655-SQL injection in an UPDATE query - a bug bounty story!:

https://zombiehelp54.blogspot.com/2017/02/sql-injection-in-update-query-bug.html

-656-Cross-site Scripting:

https://www.netsparker.com/blog/web-security/cross-site-scripting-xss/

-657-Local File Inclusion:

https://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/

-658-Command Injection:

https://www.netsparker.com/blog/web-security/command-injection-vulnerability/

-659-a categorized list of Windows CMD commands:

https://ss64.com/nt/commands.html

-660-Understanding Guide for Nmap Timing Scan (Firewall Bypass):

http://www.hackingarticles.in/understanding-guide-nmap-timing-scan-firewall-bypass

-661-RFID Hacking with The Proxmark 3:

https://blog.kchung.co/tag/rfid/

-662-A practical guide to RFID badge copying:

https://blog.nviso.be/2017/01/11/a-practical-guide-to-rfid-badge-copying

-663-Denial of Service using Cookie Bombing:

https://medium.com/p/55c2d0ef808c

-664-Vultr Domain Hijacking:

https://vincentyiu.co.uk/red-team/cloud-security/vultr-domain-hijacking

-665-Command and Control:

https://vincentyiu.co.uk/red-team/domain-fronting

-666-Cisco Auditing Tool & Cisco Global Exploiter to Exploit 14 Vulnerabilities in Cisco Switches and Routers:

https://gbhackers.com/cisco-global-exploiter-cge

-667-CHECKING FOR MALICIOUSNESS IN ACROFORM OBJECTS ON PDF FILES:

https://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files

-668-Situational Awareness:

https://pentestlab.blog/2018/05/28/situational-awareness/

-669-Unquoted Service Path:

https://pentestlab.blog/2017/03/09/unquoted-service-path

-670-NFS:

https://pentestacademy.wordpress.com/2017/09/20/nfs/

-671-List of Tools for Pentest Rookies:

https://pentestacademy.wordpress.com/2016/09/20/list-of-tools-for-pentest-rookies/

-672-Common Windows Commands for Pentesters:

https://pentestacademy.wordpress.com/2016/06/21/common-windows-commands-for-pentesters/

-673-Open-Source Intelligence (OSINT) Reconnaissance:

https://medium.com/p/75edd7f7dada

-674-OSINT x UCCU Workshop on Open Source Intelligence:

https://www.slideshare.net/miaoski/osint-x-uccu-workshop-on-open-source-intelligence

-675-Advanced Attack Techniques:

https://www.cyberark.com/threat-research-category/advanced-attack-techniques/

-676-Credential Theft:

https://www.cyberark.com/threat-research-category/credential-theft/

-678-The Cloud Shadow Admin Threat: 10 Permissions to Protect:

https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/

-679-Online Credit Card Theft: Today’s Browsers Store Sensitive Information Deficiently, Putting User Data at Risk:

https://www.cyberark.com/threat-research-blog/online-credit-card-theft-todays-browsers-store-sensitive-information-deficiently-putting-user-data-risk/

-680-Weakness Within: Kerberos Delegation:

https://www.cyberark.com/threat-research-blog/weakness-within-kerberos-delegation/

-681-Simple Domain Fronting PoC with GAE C2 server:

https://www.securityartwork.es/2017/01/31/simple-domain-fronting-poc-with-gae-c2-server/

-682-Find Critical Information about a Host using DMitry:

https://www.thehackr.com/find-critical-information-host-using-dmitry/

-683-How To Do OS Fingerprinting In Kali Using Xprobe2:

http://disq.us/?url=http%3A%2F%2Fwww.thehackr.com%2Fos-fingerprinting-kali%2F&key=scqgRVMQacpzzrnGSOPySA

-684-Crack SSH, FTP, Telnet Logins Using Hydra:

https://www.thehackr.com/crack-ssh-ftp-telnet-logins-using-hydra/

-685-Reveal Saved Passwords in Browser using JavaScript Injection:

https://www.thehackr.com/reveal-saved-passwords-browser-using-javascript-injection/

-686-Nmap Cheat Sheet:

https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf

-687-Manual Post Exploitation on Windows PC (Network Command):

http://www.hackingarticles.in/manual-post-exploitation-windows-pc-network-command

-688-Hack Gmail or Facebook Password of Remote PC using NetRipper Exploitation Tool:

http://www.hackingarticles.in/hack-gmail-or-facebook-password-of-remote-pc-using-netripper-exploitation-tool

-689-Hack Locked Workstation Password in Clear Text:

http://www.hackingarticles.in/hack-locked-workstation-password-clear-text

-690-How to Find ALL Excel, Office, PDF, and Images in Remote PC:

http://www.hackingarticles.in/how-to-find-all-excel-office-pdf-images-files-in-remote-pc

-691-red-teaming:

https://www.redteamsecure.com/category/red-teaming/

-692-Create a Fake AP and Sniff Data mitmAP:

http://www.uaeinfosec.com/create-fake-ap-sniff-data-mitmap/

-693-Bruteforcing From Nmap Output BruteSpray:

http://www.uaeinfosec.com/bruteforcing-nmap-output-brutespray/

-694-Reverse Engineering Framework radare2:

http://www.uaeinfosec.com/reverse-engineering-framework-radare2/

-695-Automated ettercap TCP/IP Hijacking Tool Morpheus:

http://www.uaeinfosec.com/automated-ettercap-tcpip-hijacking-tool-morpheus/

-696-List Of Vulnerable SQL Injection Sites:

https://www.blogger.com/share-post.g?blogID=1175829128367570667&postID=4652029420701251199

-697-Command and Control – Gmail:

https://pentestlab.blog/2017/08/03/command-and-control-gmail/

-698-Command and Control – DropBox:

https://pentestlab.blog/2017/08/29/command-and-control-dropbox/

-699-Skeleton Key:

https://pentestlab.blog/2018/04/10/skeleton-key/

-700-Secondary Logon Handle:

https://pentestlab.blog/2017/04/07/secondary-logon-handle

-701-Hot Potato:

https://pentestlab.blog/2017/04/13/hot-potato

-702-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):

https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/

-703-Linux-Kernel-exploits:

http://tacxingxing.com/category/exploit/kernel-exploit/

-704-Linux-Kernel-Exploit Stack Smashing:

http://tacxingxing.com/2018/02/26/linuxkernelexploit-stack-smashing/

-705-Linux Kernel Exploit Environment:

http://tacxingxing.com/2018/02/15/linuxkernelexploit-huan-jing-da-jian/

-706-Linux-Kernel-Exploit NULL dereference:

http://tacxingxing.com/2018/02/22/linuxkernelexploit-null-dereference/

-707-Apache mod_python for red teams:

https://labs.nettitude.com/blog/apache-mod_python-for-red-teams/

-708-Bounty Write-up (HTB):

https://medium.com/p/9b01c934dfd2/

709-CTF Writeups:

https://medium.com/ctf-writeups

-710-Detecting Malicious Microsoft Office Macro Documents:

http://www.greyhathacker.net/?p=872

-711-SQL injection in Drupal:

https://hackerone.com/reports/31756

-712-XSS and open redirect on Twitter:

https://hackerone.com/reports/260744

-713-Shopify login open redirect:

https://hackerone.com/reports/55546

-714-HackerOne interstitial redirect:

https://hackerone.com/reports/111968

-715-Ubiquiti sub-domain takeovers:

https://hackerone.com/reports/181665

-716-Scan.me pointing to Zendesk:

https://hackerone.com/reports/114134

-717-Starbucks' sub-domain takeover:

https://hackerone.com/reports/325336

-718-Vine's sub-domain takeover:

https://hackerone.com/reports/32825

-719-Uber's sub-domain takeover:

https://hackerone.com/reports/175070

-720-Read access to Google:

https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/

-721-A Facebook XXE with Word:

https://www.bram.us/2014/12/29/how-i-hacked-facebook-with-a-word-document/

-722-The Wikiloc XXE:

https://www.davidsopas.com/wikiloc-xxe-vulnerability/

-723-Uber Jinja2 TTSI:

https://hackerone.com/reports/125980

-724-Uber Angular template injection:

https://hackerone.com/reports/125027

-725-Yahoo Mail stored XSS:

https://klikki.fi/adv/yahoo2.html

-726-Google image search XSS:

https://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html

-727-Shopify Giftcard Cart XSS :

https://hackerone.com/reports/95089

-728-Shopify wholesale XSS :

https://hackerone.com/reports/106293

-729-Bypassing the Shopify admin authentication:

https://hackerone.com/reports/270981

-730-Starbucks race conditions:

https://sakurity.com/blog/2015/05/21/starbucks.html

-731-Binary.com vulnerability – stealing a user's money:

https://hackerone.com/reports/98247

-732-HackerOne signal manipulation:

https://hackerone.com/reports/106305

-733-Shopify S buckets open:

https://hackerone.com/reports/98819

-734-HackerOne S buckets open:

https://hackerone.com/reports/209223

-735-Bypassing the GitLab 2F authentication:

https://gitlab.com/gitlab-org/gitlab-ce/issues/14900

-736-Yahoo PHP info disclosure:

https://blog.it-securityguard.com/bugbounty-yahoo-phpinfo-php-disclosure-2/

-737-Shopify for exporting installed users:

https://hackerone.com/reports/96470

-738-Shopify Twitter disconnect:

https://hackerone.com/reports/111216

-739-Badoo full account takeover:

https://hackerone.com/reports/127703

-740-Disabling PS Logging:

https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs

-741-macro-less-code-exec-in-msword:

https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

-742-5 ways to Exploiting PUT Vulnerability:

http://www.hackingarticles.in/5-ways-to-exploiting-put-vulnerabilit

-743-5 Ways to Exploit Verb Tempering Vulnerability:

http://www.hackingarticles.in/5-ways-to-exploit-verb-tempering-vulnerability

-744-5 Ways to Hack MySQL Login Password:

http://www.hackingarticles.in/5-ways-to-hack-mysql-login-password

-745-5 Ways to Hack SMB Login Password:

http://www.hackingarticles.in/5-ways-to-hack-smb-login-password

-746-6 Ways to Hack FTP Login Password:

http://www.hackingarticles.in/6-ways-to-hack-ftp-login-password

-746-6 Ways to Hack SNMP Password:

http://www.hackingarticles.in/6-ways-to-hack-snmp-password

-747-6 Ways to Hack VNC Login Password:

http://www.hackingarticles.in/6-ways-to-hack-vnc-login-password

-748-Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter:

http://www.hackingarticles.in/access-sticky-keys-backdoor-remote-pc-sticky-keys-hunter

-749-Beginner Guide to IPtables:

http://www.hackingarticles.in/beginner-guide-iptables

-750-Beginner Guide to impacket Tool kit:

http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit

-751-Exploit Remote Windows 10 PC using Discover Tool:

http://www.hackingarticles.in/exploit-remote-windows-10-pc-using-discover-tool

-752-Forensics Investigation of Remote PC (Part 2):

http://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-2

-753-5 ways to File upload vulnerability Exploitation:

http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation

-754-FTP Penetration Testing in Ubuntu (Port 21):

http://www.hackingarticles.in/ftp-penetration-testing-in-ubuntu-port-21

-755-FTP Penetration Testing on Windows (Port 21):

http://www.hackingarticles.in/ftp-penetration-testing-windows

-756-FTP Pivoting through RDP:

http://www.hackingarticles.in/ftp-pivoting-rdp

-757-Fun with Metasploit Payloads:

http://www.hackingarticles.in/fun-metasploit-payloads

-758-Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or MAC PC:

http://www.hackingarticles.in/gather-cookies-and-history-of-mozilla-firefox-in-remote-windows-linux-or-mac-pc

-759-Generating Reverse Shell using Msfvenom (One Liner Payload):

http://www.hackingarticles.in/generating-reverse-shell-using-msfvenom-one-liner-payload

-760-Generating Scan Reports Using Nmap (Output Scan):

http://www.hackingarticles.in/generating-scan-reports-using-nmap-output-scan

-761-Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled):

http://www.hackingarticles.in/get-meterpreter-session-locked-pc-remotely-remote-desktop-enabled

-762-Hack ALL Security Features in Remote Windows 7 PC:

http://www.hackingarticles.in/hack-all-security-features-in-remote-windows-7-pc

-763-5 ways to Exploit LFi Vulnerability:

http://www.hackingarticles.in/5-ways-exploit-lfi-vulnerability

-764-5 Ways to Directory Bruteforcing on Web Server:

http://www.hackingarticles.in/5-ways-directory-bruteforcing-web-server

-765-Hack Call Logs, SMS, Camera of Remote Android Phone using Metasploit:

http://www.hackingarticles.in/hack-call-logs-sms-camera-remote-android-phone-using-metasploit

-766-Hack Gmail and Facebook Password in Network using Bettercap:

http://www.hackingarticles.in/hack-gmail-facebook-password-network-using-bettercap

-767-ICMP Penetration Testing:

http://www.hackingarticles.in/icmp-penetration-testing

-768-Understanding Guide to Mimikatz:

http://www.hackingarticles.in/understanding-guide-mimikatz

-769-5 Ways to Create Dictionary for Bruteforcing:

http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing

-770-Linux Privilege Escalation using LD_Preload:

http://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/

-771-2 Ways to Hack Remote Desktop Password using kali Linux:

http://www.hackingarticles.in/2-ways-to-hack-remote-desktop-password-using-kali-linux

-772-2 ways to use Msfvenom Payload with Netcat:

http://www.hackingarticles.in/2-ways-use-msfvenom-payload-netcat

-773-4 ways to Connect Remote PC using SMB Port:

http://www.hackingarticles.in/4-ways-connect-remote-pc-using-smb-port

-774-4 Ways to DNS Enumeration:

http://www.hackingarticles.in/4-ways-dns-enumeration

-775-4 Ways to get Linux Privilege Escalation:

http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation

-776-101+ OSINT Resources for Investigators [2019]:

https://i-sight.com/resources/101-osint-resources-for-investigators/

-777-Week in OSINT #2019–02:

https://medium.com/week-in-osint/week-in-osint-2019-02-d4009c27e85f

-778-OSINT Cheat Sheet:

https://hack2interesting.com/osint-cheat-sheet/

-779-OSINT Cheat Sheet:

https://infoskirmish.com/osint-cheat-sheet/

-780-OSINT Links for Investigators:

https://i-sight.com/resources/osint-links-for-investigators/

-781- Metasploit Cheat Sheet :

https://www.kitploit.com/2019/02/metasploit-cheat-sheet.html

-782- Exploit Development Cheat Sheet:

https://github.com/coreb1t/awesome-pentest-cheat-sheets/commit/5b83fa9cfb05f4774eb5e1be2cde8dbb04d011f4

-783-Building Profiles for a Social Engineering Attack:

https://pentestlab.blog/2012/04/19/building-profiles-for-a-social-engineering-attack/

-784-Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes):

https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

-785-Getting the goods with CrackMapExec: Part 2:

https://byt3bl33d3r.github.io/tag/crackmapexec.html

-786-Bug Hunting Methodology (part-1):

https://medium.com/p/91295b2d2066

-787-Exploring Cobalt Strike's ExternalC2 framework:

https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/

-788-Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities:

https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/

-789-Adversarial Tactics, Techniques & Common Knowledge:

https://attack.mitre.org/wiki/Main_Page

-790-Bug Bounty — Tips / Tricks / JS (JavaScript Files):

https://medium.com/p/bdde412ea49d

-791-Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition):

https://medium.com/p/f88a9f383fcc

-792-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-793-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:

https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/

-794-ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution:

https://bohops.com/2017/12/02/clickonce-twice-or-thrice-a-technique-for-social-engineering-and-untrusted-command-execution/

-795-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):

https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/

-796-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-797-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:

https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/

-798-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-799-Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement:

https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/

-800-Capcom Rootkit Proof-Of-Concept:

https://www.fuzzysecurity.com/tutorials/28.html

-801-Linux Privilege Escalation using Misconfigured NFS:

http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/

-802-Beginners Guide for John the Ripper (Part 1):

http://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/

-803-Working of Traceroute using Wireshark:

http://www.hackingarticles.in/working-of-traceroute-using-wireshark/

-804-Multiple Ways to Get root through Writable File:

http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file/

-805-4 ways to SMTP Enumeration:

http://www.hackingarticles.in/4-ways-smtp-enumeration

-806-4 ways to Hack MS SQL Login Password:

http://www.hackingarticles.in/4-ways-to-hack-ms-sql-login-password

-807-4 Ways to Hack Telnet Passsword:

http://www.hackingarticles.in/4-ways-to-hack-telnet-passsword

-808-5 ways to Brute Force Attack on WordPress Website:

http://www.hackingarticles.in/5-ways-brute-force-attack-wordpress-website

-809-5 Ways to Crawl a Website:

http://www.hackingarticles.in/5-ways-crawl-website

-810-Local Linux Enumeration & Privilege Escalation Cheatsheet:

https://www.rebootuser.com/?p=1623

-811-The Drebin Dataset:

https://www.sec.cs.tu-bs.de/~danarp/drebin/download.html

-812-ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else:

https://www.slideshare.net/x00mario/es6-en

-813-IT and Information Security Cheat Sheets:

https://zeltser.com/cheat-sheets/

-814-Cheat Sheets - DFIR Training:

https://www.dfir.training/cheat-sheets

-815-WinDbg Malware Analysis Cheat Sheet:

https://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/

-819-Cheat Sheet for Analyzing Malicious Software:

https://www.prodefence.org/cheat-sheet-for-analyzing-malicious-software/

-820-Analyzing Malicious Documents Cheat Sheet - Prodefence:

https://www.prodefence.org/analyzing-malicious-documents-cheat-sheet-2/

-821-Cheat Sheets - SANS Digital Forensics:

https://digital-forensics.sans.org/community/cheat-sheets

-822-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:

https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/

-823-Windows Registry Auditing Cheat Sheet:

https://www.slideshare.net/Hackerhurricane/windows-registry-auditing-cheat-sheet-ver-jan-2016-malwarearchaeology

-824-Cheat Sheet of Useful Commands Every Kali Linux User Needs To Know:

https://kennyvn.com/cheatsheet-useful-bash-commands-linux/

-825-kali-linux-cheatsheet:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-826-8 Best Kali Linux Terminal Commands used by Hackers (2019 Edition):

https://securedyou.com/best-kali-linux-commands-terminal-hacking/

-827-Kali Linux Commands Cheat Sheet:

https://www.pinterest.com/pin/393431717429496576/

-827-Kali Linux Commands Cheat Sheet A To Z:

https://officialhacker.com/linux-commands-cheat-sheet/

-828-Linux commands CHEATSHEET for HACKERS:

https://www.reddit.com/r/Kalilinux/.../linux_commands_cheatsheet_for_hackers/

-829-100 Linux Commands – A Brief Outline With Cheatsheet:

https://fosslovers.com/100-linux-commands-cheatsheet/

-830-Kali Linux – Penetration Testing Cheat Sheet:

https://uwnthesis.wordpress.com/2016/06/.../kali-linux-penetration-testing-cheat-sheet/

-831-Basic Linux Terminal Shortcuts Cheat Sheet :

https://computingforgeeks.com/basic-linux-terminal-shortcuts-cheat-sheet/

-832-List Of 220+ Kali Linux and Linux Commands Line {Free PDF} :

https://itechhacks.com/kali-linux-and-linux-commands/

-833-Transferring files from Kali to Windows (post exploitation):

https://blog.ropnop.com/transferring-files-from-kali-to-windows/

-834-The Ultimate Penetration Testing Command Cheat Sheet for Kali Linux:

https://www.hostingland.com/.../the-ultimate-penetration-testing-command-cheat-sheet

-835-What is penetration testing? 10 hacking tools the pros use:

https://www.csoonline.com/article/.../17-penetration-testing-tools-the-pros-use.html

-836-Best Hacking Tools List for Hackers & Security Professionals in 2019:

https://gbhackers.com/hacking-tools-list/

-837-ExploitedBunker PenTest Cheatsheet:

https://exploitedbunker.com/articles/pentest-cheatsheet/

-838-How to use Zarp for penetration testing:

https://www.techrepublic.com/article/how-to-use-zarp-for-penetration-testing/

-839-Wireless Penetration Testing Cheat Sheet;

https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/

-840-Pentest Cheat Sheets:

https://www.cheatography.com/tag/pentest/

-841-40 Best Penetration Testing (Pen Testing) Tools in 2019:

https://www.guru99.com/top-5-penetration-testing-tools.html

-842-Metasploit Cheat Sheet:

https://www.hacking.land/2019/02/metasploit-cheat-sheet.html

-843-OSCP useful resources and tools;

https://acknak.fr/en/articles/oscp-tools/

-844-Pentest + Exploit dev Cheatsheet:

https://ehackings.com/all-posts/pentest-exploit-dev-cheatsheet/

-845-What is Penetration Testing? A Quick Guide for 2019:

https://www.cloudwards.net/penetration-testing/

-846-Recon resource:

https://pentester.land/cheatsheets/2019/04/15/recon-resources.html

-847-Network Recon Cheat Sheet:

https://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/

-848-Recon Cheat Sheets:

https://www.cheatography.com/tag/recon/

-849-Penetration Testing Active Directory, Part II:

https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/

-850-Reverse-engineering Cheat Sheets:

https://www.cheatography.com/tag/reverse-engineering/

-851-Reverse Engineering Cheat Sheet:

https://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet

-852-ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS:

https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows

-853-PROPagate:

http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/

-854-Process Doppelgänging, by Tal Liberman and Eugene Kogan::

https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf

-855-Gargoyle:

https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html

-856-GHOSTHOOK:

https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/

-857-Learn C:

https://www.programiz.com/c-programming

-858-x86 Assembly Programming Tutorial:

https://www.tutorialspoint.com/assembly_programming/

-859-Dr. Paul Carter's PC Assembly Language:

http://pacman128.github.io/pcasm/

-860-Introductory Intel x86 - Architecture, Assembly, Applications, and Alliteration:

http://opensecuritytraining.info/IntroX86.html

-861-x86 Disassembly:

https://en.wikibooks.org/wiki/X86_Disassembly

-862-use-of-dns-tunneling-for-cc-communications-malware:

https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/

-863-Using IDAPython to Make Your Life Easier (Series)::

https://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-your-life-easier-part-1/

-864-NET binary analysis:

https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/

-865-detailed analysis of the BlackEnergy3 big dropper:

https://cysinfo.com/blackout-memory-analysis-of-blackenergy-big-dropper/

-866-detailed analysis of Uroburos rootkit:

https://www.gdatasoftware.com/blog/2014/06/23953-analysis-of-uroburos-using-windbg

-867-TCP/IP and tcpdump Pocket Reference Guide:

https://www.sans.org/security-resources/tcpip.pdf

-868-TCPDUMP Cheatsheet:

http://packetlife.net/media/library/12/tcpdump.pdf

-869-Scapy Cheatsheet:

http://packetlife.net/media/library/36/scapy.pdf

-870-WIRESHARK DISPLAY FILTERS:

http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf

-871-Windows command line sheet:

https://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf

-872-Metasploit cheat sheet:

https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

-873-IPv6 Cheatsheet:

http://packetlife.net/media/library/8/IPv6.pdf

-874-IPv4 Subnetting:

http://packetlife.net/media/library/15/IPv4_Subnetting.pdf

-875-IOS IPV4 ACCESS LISTS:

http://packetlife.net/media/library/14/IOS_IPv4_Access_Lists.pdf

-876-Common Ports List:

http://packetlife.net/media/library/23/common_ports.pdf

-877-WLAN:

http://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf

-878-VLANs Cheatsheet:

http://packetlife.net/media/library/20/VLANs.pdf

-879-VoIP Basics CheatSheet:

http://packetlife.net/media/library/34/VOIP_Basics.pdf

-880-Google hacking and defense cheat sheet:

https://www.sans.org/security-resources/GoogleCheatSheet.pdf

-881-Nmap CheatSheet:

https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0

-882-Netcat cheat sheet:

https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

-883-PowerShell cheat sheet:

https://blogs.sans.org/pen-testing/files/2016/05/PowerShellCheatSheet_v41.pdf

-884-Scapy cheat sheet POCKET REFERENCE:

https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf

-885-SQL injection cheat sheet.:

https://information.rapid7.com/sql-injection-cheat-sheet-download.html

-886-Injection cheat sheet:

https://information.rapid7.com/injection-non-sql-cheat-sheet-download.html

-887-Symmetric Encryption Algorithms cheat sheet:

https://www.cheatography.com/rubberdragonfarts/cheat-sheets/symmetric-encryption-algorithms/

-888-Intrusion Discovery Cheat Sheet v2.0 for Linux:

https://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf

-889-Intrusion Discovery Cheat Sheet v2.0 for Window:

https://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf

-890-Memory Forensics Cheat Sheet v1.2:

https://digital-forensics.sans.org/media/memory-forensics-cheat-sheet.pdf

-891-CRITICAL LOG REVIEW CHECKLIST FOR SECURITY INCIDENTS G E N E R AL APPROACH:

https://www.sans.org/brochure/course/log-management-in-depth/6

-892-Evidence collection cheat sheet:

https://digital-forensics.sans.org/media/evidence_collection_cheat_sheet.pdf

-893-Hex file and regex cheat sheet v1.0:

https://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf

-894-Rekall Memory Forensic Framework Cheat Sheet v1.2.:

https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf

-895-SIFT WORKSTATION Cheat Sheet v3.0.:

https://digital-forensics.sans.org/media/sift_cheat_sheet.pdf

-896-Volatility Memory Forensic Framework Cheat Sheet:

https://digital-forensics.sans.org/media/volatility-memory-forensics-cheat-sheet.pdf

-897-Hands - on Network Forensics.:

https://www.first.org/resources/papers/conf2015/first_2015_-_hjelmvik-_erik_-_hands-on_network_forensics_20150604.pdf

-898-VoIP Security Vulnerabilities.:

https://www.sans.org/reading-room/whitepapers/voip/voip-security-vulnerabilities-2036

-899-Incident Response: How to Fight Back:

https://www.sans.org/reading-room/whitepapers/analyst/incident-response-fight-35342

-900-BI-7_VoIP_Analysis_Fundamentals:

https://sharkfest.wireshark.org/sharkfest.12/presentations/BI-7_VoIP_Analysis_Fundamentals.pdf

-901-Bug Hunting Guide:

cybertheta.blogspot.com/2018/08/bug-hunting-guide.html

-902-Guide 001 |Getting Started in Bug Bounty Hunting:

https://whoami.securitybreached.org/2019/.../guide-getting-started-in-bug-bounty-hun...

-903-SQL injection cheat sheet :

https://portswigger.net › Web Security Academy › SQL injection › Cheat sheet

-904-RSnake's XSS Cheat Sheet:

https://www.in-secure.org/2018/08/22/rsnakes-xss-cheat-sheet/

-905-Bug Bounty Tips (2):

https://ctrsec.io/index.php/2019/03/20/bug-bounty-tips-2/

-906-A Review of my Bug Hunting Journey:

https://kongwenbin.com/a-review-of-my-bug-hunting-journey/

-907-Meet the First Hacker Millionaire on HackerOne:

https://itblogr.com/meet-the-first-hacker-millionaire-on-hackerone/

-908-XSS Cheat Sheet:

https://www.reddit.com/r/programming/comments/4sn54s/xss_cheat_sheet/

-909-Bug Bounty Hunter Methodology:

https://www.slideshare.net/bugcrowd/bug-bounty-hunter-methodology-nullcon-2016

-910-#10 Rules of Bug Bounty:

https://hackernoon.com/10-rules-of-bug-bounty-65082473ab8c

-911-Bugbounty Checklist:

https://www.excis3.be/bugbounty-checklist/21/

-912-FireBounty | The Ultimate Bug Bounty List!:

https://firebounty.com/

-913-Brutelogic xss cheat sheet 2019:

https://brutelogic.com.br/blog/ebook/xss-cheat-sheet/

-914-XSS Cheat Sheet by Rodolfo Assis:

https://leanpub.com/xss

-915-Cross-Site-Scripting (XSS) – Cheat Sheet:

https://ironhackers.es/en/cheatsheet/cross-site-scripting-xss-cheat-sheet/

-916-XSS Cheat Sheet V. 2018 :

https://hackerconnected.wordpress.com/2018/03/15/xss-cheat-sheet-v-2018/

-917-Cross-site Scripting Payloads Cheat Sheet :

https://exploit.linuxsec.org/xss-payloads-list

-918-Xss Cheat Sheet :

https://www.in-secure.org/tag/xss-cheat-sheet/

-919-Open Redirect Cheat Sheet :

https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html

-920-XSS, SQL Injection and Fuzzing Bar Code Cheat Sheet:

https://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php

-921-XSS Cheat Sheet:

https://tools.paco.bg/13/

-922-XSS for ASP.net developers:

https://www.gosecure.net/blog/2016/03/22/xss-for-asp-net-developers

-923-Cross-Site Request Forgery Cheat Sheet:

https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/

-924-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:

https://www.acunetix.com/websitesecurity/csrf-attacks/

-925-Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet :

https://mamchenkov.net/.../05/.../cross-site-request-forgery-csrf-prevention-cheat-shee...

-926-Guide to CSRF (Cross-Site Request Forgery):

https://www.veracode.com/security/csrf

-927-Cross-site Request Forgery - Exploitation & Prevention:

https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/

-928-SQL Injection Cheat Sheet :

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

-929-MySQL SQL Injection Practical Cheat Sheet:

https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/

-930-SQL Injection (SQLi) - Cheat Sheet, Attack Examples & Protection:

https://www.checkmarx.com/knowledge/knowledgebase/SQLi

-931-SQL injection attacks: A cheat sheet for business pros:

https://www.techrepublic.com/.../sql-injection-attacks-a-cheat-sheet-for-business-pros/

-932-The SQL Injection Cheat Sheet:

https://biztechmagazine.com/article/.../guide-combatting-sql-injection-attacks-perfcon

-933-SQL Injection Cheat Sheet:

https://resources.infosecinstitute.com/sql-injection-cheat-sheet/

-934-Comprehensive SQL Injection Cheat Sheet:

https://www.darknet.org.uk/2007/05/comprehensive-sql-injection-cheat-sheet/

-935-MySQL SQL Injection Cheat Sheet:

pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

-936-SQL Injection Cheat Sheet: MySQL:

https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mysql/

-937- MySQL Injection Cheat Sheet:

https://www.asafety.fr/mysql-injection-cheat-sheet/

-938-SQL Injection Cheat Sheet:

https://www.reddit.com/r/netsec/comments/7l449h/sql_injection_cheat_sheet/

-939-Google dorks cheat sheet 2019:

https://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019

-940-Command Injection Cheatsheet :

https://hackersonlineclub.com/command-injection-cheatsheet/

-941-OS Command Injection Vulnerability:

https://www.immuniweb.com/vulnerability/os-command-injection.html

-942-OS Command Injection:

https://www.checkmarx.com/knowledge/knowledgebase/OS-Command_Injection

-943-Command Injection: The Good, the Bad and the Blind:

https://www.gracefulsecurity.com/command-injection-the-good-the-bad-and-the-blind/

-944-OS command injection:

https://portswigger.net › Web Security Academy › OS command injection

-945-How to Test for Command Injection:

https://blog.securityinnovation.com/blog/.../how-to-test-for-command-injection.html

-946-Data Exfiltration via Blind OS Command Injection:

https://www.contextis.com/en/blog/data-exfiltration-via-blind-os-command-injection

-947-XXE Cheatsheet:

https://www.gracefulsecurity.com/xxe-cheatsheet/

-948-bugbounty-cheatsheet/xxe.:

https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

-949-XXE - Information Security:

https://phonexicum.github.io/infosec/xxe.html

-950-XXE Cheat Sheet:

https://www.hahwul.com/p/xxe-cheat-sheet.html

-951-Advice From A Researcher: Hunting XXE For Fun and Profit:

https://www.bugcrowd.com/blog/advice-from-a-bug-hunter-xxe/

-952-Out of Band Exploitation (OOB) CheatSheet :

https://www.notsosecure.com/oob-exploitation-cheatsheet/

-953-Web app penentration testing checklist and cheatsheet:

www.malwrforensics.com/.../web-app-penentration-testing-checklist-and-cheatsheet-with-example

-954-Useful Resources:

https://lsdsecurity.com/useful-resources/

-955-Exploiting XXE Vulnerabilities in IIS/.NET:

https://pen-testing.sans.org/.../entity-inception-exploiting-iis-net-with-xxe-vulnerabiliti...

-956-Top 65 OWASP Cheat Sheet Collections - ALL IN ONE:

https://www.yeahhub.com/top-65-owasp-cheat-sheet-collections-all-in-one/

-957-Hacking Resources:

https://www.torontowebsitedeveloper.com/hacking-resources

-958-Out of Band XML External Entity Injection:

https://www.netsparker.com/web...scanner/.../out-of-band-xml-external-entity-injectio...

-959-XXE - ZeroSec - Adventures In Information Security:

https://blog.zsec.uk/out-of-band-xxe-2/

-960-Blog - Automated Data Exfiltration with XXE:

https://blog.gdssecurity.com/labs/2015/4/.../automated-data-exfiltration-with-xxe.html

-961-My Experience during Infosec Interviews:

https://medium.com/.../my-experience-during-infosec-interviews-ed1f74ce41b8

-962-Top 10 Security Risks on the Web (OWASP):

https://sensedia.com/.../top-10-security-risks-on-the-web-owasp-and-how-to-mitigate-t...

-963-Antivirus Evasion Tools [Updated 2019] :

https://resources.infosecinstitute.com/antivirus-evasion-tools/

-964-Adventures in Anti-Virus Evasion:

https://www.gracefulsecurity.com/anti-virus-evasion/

-965-Antivirus Bypass Phantom Evasion - 2019 :

https://www.reddit.com/r/Kalilinux/.../antivirus_bypass_phantom_evasion_2019/

-966-Antivirus Evasion with Python:

https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1

-967-Windows oneliners to get shell:

https://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/

-968-Does Veil Evasion Still Work Against Modern AntiVirus?:

https://www.hackingloops.com/veil-evasion-virustotal/

-969-Google dorks cheat sheet 2019 :

https://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019

-970-Malware Evasion Techniques :

https://www.slideshare.net/ThomasRoccia/malware-evasion-techniques

-971-How to become a cybersecurity pro: A cheat sheet:

https://www.techrepublic.com/article/cheat-sheet-how-to-become-a-cybersecurity-pro/

-972-Bypassing Antivirus With Ten Lines of Code:

https://hackingandsecurity.blogspot.com/.../bypassing-antivirus-with-ten-lines-of.html

-973-Bypassing antivirus detection on a PDF exploit:

https://www.digital.security/en/blog/bypassing-antivirus-detection-pdf-exploit

-974-Generating Payloads & Anti-Virus Bypass Methods:

https://uceka.com/2014/02/19/generating-payloads-anti-virus-bypass-methods/

-975-Apkwash Android Antivirus Evasion For Msfvemon:

https://hackingarise.com/apkwash-android-antivirus-evasion-for-msfvemon/

-976-Penetration Testing with Windows Computer & Bypassing an Antivirus:

https://www.prodefence.org/penetration-testing-with-windows-computer-bypassing-antivirus

-978-Penetration Testing: The Quest For Fully UnDetectable Malware:

https://www.foregenix.com/.../penetration-testing-the-quest-for-fully-undetectable-malware

-979-AVET: An AntiVirus Bypassing tool working with Metasploit Framework :

https://githacktools.blogspot.com

-980-Creating an undetectable payload using Veil-Evasion Toolkit:

https://www.yeahhub.com/creating-undetectable-payload-using-veil-evasion-toolkit/

-981-Evading Antivirus :

https://sathisharthars.com/tag/evading-antivirus/

-982-AVPASS – All things in moderation:

https://hydrasky.com/mobile-security/avpass/

-983-Complete Penetration Testing & Hacking Tools List:

https://cybarrior.com/blog/2019/03/31/hacking-tools-list/

-984-Modern red teaming: 21 resources for your security team:

https://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team

-985-BloodHound and CypherDog Cheatsheet :

https://hausec.com/2019/04/15/bloodhound-and-cypherdog-cheatsheet/

-986-Redteam Archives:

https://ethicalhackingguru.com/category/redteam/

-987-NMAP Commands Cheat Sheet:

https://www.networkstraining.com/nmap-commands-cheat-sheet/

-988-Nmap Cheat Sheet:

https://dhound.io/blog/nmap-cheatsheet

-989-Nmap Cheat Sheet: From Discovery to Exploits:

https://resources.infosecinstitute.com/nmap-cheat-sheet/

-990-Nmap Cheat Sheet and Pro Tips:

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

-991-Nmap Tutorial: from the Basics to Advanced Tips:

https://hackertarget.com/nmap-tutorial/

-992-How to run a complete network scan with OpenVAS;

https://www.techrepublic.com/.../how-to-run-a-complete-network-scan-with-openvas/

-993-Nmap: my own cheatsheet:

https://www.andreafortuna.org/2018/03/12/nmap-my-own-cheatsheet/

-994-Top 32 Nmap Command Examples For Linux Sys/Network Admins:

https://www.cyberciti.biz/security/nmap-command-examples-tutorials/

-995-35+ Best Free NMap Tutorials and Courses to Become Pro Hacker:

https://www.fromdev.com/2019/01/best-free-nmap-tutorials-courses.html

-996-Scanning Tools:

https://widesecurity.net/kali-linux/kali-linux-tools-scanning/

-997-Nmap - Cheatsheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/nmap/cheatsheet/

-998-Linux for Network Engineers:

https://netbeez.net/blog/linux-how-to-use-nmap/

-999-Nmap Cheat Sheet:

https://www.hackingloops.com/nmap-cheat-sheet-port-scanning-basics-ethical-hackers/

-1000-Tactical Nmap for Beginner Network Reconnaissance:

https://null-byte.wonderhowto.com/.../tactical-nmap-for-beginner-network-reconnaiss...

-1001-A Guide For Google Hacking Database:

https://www.hackgentips.com/google-hacking-database/

-1002-2019 Data Breaches - The Worst Breaches, So Far:

https://www.identityforce.com/blog/2019-data-breaches

-1003-15 Vulnerable Sites To (Legally) Practice Your Hacking Skills:

https://www.checkmarx.com/.../15-vulnerable-sites-to-legally-practice-your-hacking-skills

-1004-Google Hacking Master List :

https://it.toolbox.com/blogs/rmorril/google-hacking-master-list-111408

-1005-Smart searching with googleDorking | Exposing the Invisible:

https://exposingtheinvisible.org/guides/google-dorking/

-1006-Google Dorks 2019:

https://korben.info/google-dorks-2019-liste.html

-1007-Google Dorks List and how to use it for Good;

https://edgy.app/google-dorks-list

-1008-How to Use Google to Hack(Googledorks):

https://null-byte.wonderhowto.com/how-to/use-google-hack-googledorks-0163566/

-1009-Using google as hacking tool:

https://cybertechies007.blogspot.com/.../using-google-as-hacking-tool-googledorks.ht...

-1010-#googledorks hashtag on Twitter:

https://twitter.com/hashtag/googledorks

-1011-Top Five Open Source Intelligence (OSINT) Tools:

https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/

-1012-What is open-source intelligence (OSINT)?:

https://www.microfocus.com/en-us/what-is/open-source-intelligence-osint

-1013-A Guide to Open Source Intelligence Gathering (OSINT):

https://medium.com/bugbountywriteup/a-guide-to-open-source-intelligence-gathering-osint-ca831e13f29c

-1014-OSINT: How to find information on anyone:

https://medium.com/@Peter_UXer/osint-how-to-find-information-on-anyone-5029a3c7fd56

-1015-What is OSINT? How can I make use of it?:

https://securitytrails.com/blog/what-is-osint-how-can-i-make-use-of-it

-1016-OSINT Tools for the Dark Web:

https://jakecreps.com/2019/05/16/osint-tools-for-the-dark-web/

-1017-A Guide to Open Source Intelligence (OSINT):

https://www.cjr.org/tow_center_reports/guide-to-osint-and-hostile-communities.php

-1018-An Introduction To Open Source Intelligence (OSINT):

https://www.secjuice.com/introduction-to-open-source-intelligence-osint/

-1019-SSL & TLS HTTPS Testing [Definitive Guide] - Aptive:

https://www.aptive.co.uk/blog/tls-ssl-security-testing/

-1020-Exploit Title: [Files Containing E-mail and Associated Password Lists]:

https://www.exploit-db.com/ghdb/4262/?source=ghdbid

-1021-cheat_sheets:

http://zachgrace.com/cheat_sheets/

-1022-Intel SYSRET:

https://pentestlab.blog/2017/06/14/intel-sysret

-1023-Windows Preventive Maintenance Best Practices:

http://www.professormesser.com/free-a-plus-training/220-902/windows-preventive-maintenance-best-practices/

-1024-An Overview of Storage Devices:

http://www.professormesser.com/?p=19367

-1025-An Overview of RAID:

http://www.professormesser.com/?p=19373

-1026-How to Troubleshoot:

http://www.professormesser.com/free-a-plus-training/220-902/how-to-troubleshoot/

-1027-Mobile Device Security Troubleshooting:

http://www.professormesser.com/free-a-plus-training/220-902/mobile-device-security-troubleshooting/

-1028-Using Wireshark: Identifying Hosts and Users:

https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/

-1029-Using Wireshark - Display Filter Expressions:

https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/

-1030-Decrypting SSL/TLS traffic with Wireshark:

https://resources.infosecinstitute.com/decrypting-ssl-tls-traffic-with-wireshark/

-1031-A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.:

https://onceupon.github.io/Bash-Oneliner/

-1032- Bash One-Liners Explained, Part I: Working with files :

https://catonmat.net/bash-one-liners-explained-part-one

-1033-Bash One-Liners Explained, Part IV: Working with history:

https://catonmat.net/bash-one-liners-explained-part-four

-1034-Useful bash one-liners :

https://github.com/stephenturner/oneliners

-1035-Some Random One-liner Linux Commands [Part 1]:

https://www.ostechnix.com/random-one-liner-linux-commands-part-1/

-1036-The best terminal one-liners from and for smart admins + devs.:

https://www.ssdnodes.com/tools/one-line-wise/

-1037-Shell one-liner:

https://rosettacode.org/wiki/Shell_one-liner#Racket

-1038-SSH Cheat Sheet:

http://pentestmonkey.net/tag/ssh

-1039-7000 Google Dork List:

https://pastebin.com/raw/Tdvi8vgK

-1040-GOOGLE HACKİNG DATABASE – GHDB:

https://pastebin.com/raw/1ndqG7aq

-1041-STEALING PASSWORD WITH GOOGLE HACK:

https://pastebin.com/raw/x6BNZ7NN

-1042-Hack Remote PC with PHP File using PhpSploit Stealth Post-Exploitation Framework:

http://www.hackingarticles.in/hack-remote-pc-with-php-file-using-phpsploit-stealth-post-exploitation-framework

-1043-Open Source database of android malware:

www.code.google.com/archive/p/androguard/wikis/DatabaseAndroidMalwares.wiki

-1044-big-list-of-naughty-strings:

https://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.txt

-1045-publicly available cap files:

http://www.netresec.com/?page=PcapFiles

-1046-“Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”:

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.399&rep=rep1&type=pdf

-1047-Building a malware analysis toolkit:

https://zeltser.com/build-malware-analysis-toolkit/

-1048-Netcat Reverse Shell Cheat Sheet:

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

-1049-Packers and crypters:

http://securityblog.gr/2950/detect-packers-cryptors-and-compilers/

-1050-Evading antivirus:

http://www.blackhillsinfosec.com/?p=5094

-1051-cheat sheets and information,The Art of Hacking:

https://github.com/The-Art-of-Hacking

-1052-Error-based SQL injection:

https://www.exploit-db.com/docs/37953.pdf

-1053-XSS cheat sheet:

https://www.veracode.com/security/xss

-1054-Active Directory Enumeration with PowerShell:

https://www.exploit-db.com/docs/46990

-1055-Buffer Overflows, C Programming, NSA GHIDRA and More:

https://www.exploit-db.com/docs/47032

-1056-Analysis of CVE-2019-0708 (BlueKeep):

https://www.exploit-db.com/docs/46947

-1057-Windows Privilege Escalations:

https://www.exploit-db.com/docs/46131

-1058-The Ultimate Guide For Subdomain Takeover with Practical:

https://www.exploit-db.com/docs/46415

-1059-File transfer skills in the red team post penetration test:

https://www.exploit-db.com/docs/46515

-1060-How To Exploit PHP Remotely To Bypass Filters & WAF Rules:

https://www.exploit-db.com/docs/46049

-1061-Flying under the radar:

https://www.exploit-db.com/docs/45898

-1062-what is google hacking? and why it is useful ?and how you can learn how to use it:

https://twitter.com/cry__pto/status/1142497470825545729?s=20

-1063-useful blogs for penetration testers:

https://twitter.com/cry__pto/status/1142497470825545729?s=20

-1064-useful #BugBounty resources & links & tutorials & explanations & writeups ::

https://twitter.com/cry__pto/status/1143965322233483265?s=20

-1065-Union- based SQL injection:

http://securityidiots.com/Web-Pentest/SQL-Injection/Basic-Union-Based-SQL-Injection.html

-1066-Broken access control:

https://www.happybearsoftware.com/quick-check-for-access-control-vulnerabilities-in-rails

-1067-Understanding firewall types and configurations:

http://searchsecurity.techtarget.com/feature/The-five-different-types-of-firewalls

-1068-5 Kali Linux tricks that you may not know:

https://pentester.land/tips-n-tricks/2018/11/09/5-kali-linux-tricks-that-you-may-not-know.html

-1069-5 tips to make the most of Twitter as a pentester or bug bounty hunter:

https://pentester.land/tips-n-tricks/2018/10/23/5-tips-to-make-the-most-of-twitter-as-a-pentester-or-bug-bounty-hunter.html

-1060-A Guide To Subdomain Takeovers:

https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

-1061-Advanced Recon Automation (Subdomains) case 1:

https://medium.com/p/9ffc4baebf70

-1062-Security testing for REST API with w3af:

https://medium.com/quick-code/security-testing-for-rest-api-with-w3af-2c43b452e457?source=post_recirc---------0------------------

-1062-The Lazy Hacker:

https://securit.ie/blog/?p=86

-1063-Practical recon techniques for bug hunters & pen testers:

https://github.com/appsecco/practical-recon-levelup0x02/raw/200c43b58e9bf528a33c9dfa826fda89b229606c/practical_recon.md

-1064-A More Advanced Recon Automation #1 (Subdomains):

https://poc-server.com/blog/2019/01/18/advanced-recon-subdomains/

-1065-Expanding your scope (Recon automation #2):

https://poc-server.com/blog/2019/01/31/expanding-your-scope-recon-automation/

-1066-RCE by uploading a web.config:

https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/

-1067-Finding and exploiting Blind XSS:

https://enciphers.com/finding-and-exploiting-blind-xss/

-1068-Google dorks list 2018:

http://conzu.de/en/google-dork-liste-2018-conzu

-1096-Out of Band Exploitation (OOB) CheatSheet:

https://www.notsosecure.com/oob-exploitation-cheatsheet/

-1070-Metasploit Cheat Sheet:

https://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/

-1071-Linux Post Exploitation Cheat Sheet :

red-orbita.com/?p=8455

-1072-OSCP/Pen Testing Resources :

https://medium.com/@sdgeek/oscp-pen-testing-resources-271e9e570d45

-1073-Out Of Band Exploitation (OOB) CheatSheet :

https://packetstormsecurity.com/files/149290/Out-Of-Band-Exploitation-OOB-CheatSheet.html

-1074-HTML5 Security Cheatsheet:

https://html5sec.org/

-1075-Kali Linux Cheat Sheet for Penetration Testers:

https://www.blackmoreops.com/2016/12/20/kali-linux-cheat-sheet-for-penetration-testers/

-1076-Responder - CheatSheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

-1076-Windows Post-Exploitation Command List:

pentest.tonyng.net/windows-post-exploitation-command-list/

-1077-Transfer files (Post explotation) - CheatSheet

https://ironhackers.es/en/cheatsheet/transferir-archivos-post-explotacion-cheatsheet/

-1078-SQL Injection Cheat Sheet: MSSQL — GracefulSecurity:

https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mssql/

-1079-OSCP useful resources and tools:

https://acknak.fr/en/articles/oscp-tools/

-1080-Penetration Testing 102 - Windows Privilege Escalation - Cheatsheet:

www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet

-1081-Transferring files from Kali to Windows (post exploitation) :

https://blog.ropnop.com/transferring-files-from-kali-to-windows/

-1082-Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit:

https://null-byte.wonderhowto.com/.../hack-like-pro-ultimate-command-cheat-sheet-f...

-1083-OSCP Goldmine (not clickbait):

0xc0ffee.io/blog/OSCP-Goldmine

-1084-Privilege escalation: Linux :

https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux

-1085-Exploitation Tools Archives :

https://pentesttools.net/category/exploitationtools/

-1086-From Local File Inclusion to Remote Code Execution - Part 1:

https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1

-1087-Basic Linux Privilege Escalation:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

-1088-Title: Ultimate Directory Traversal & Path Traversal Cheat Sheet:

www.vulnerability-lab.com/resources/documents/587.txt

-1089-Binary Exploitation:

https://pwndevils.com/hacking/howtwohack.html

1090-A guide to Linux Privilege Escalation:

https://payatu.com/guide-linux-privilege-escalation/

-1091-Penetration Testing Tools Cheat Sheet :

https://news.ycombinator.com/item?id=11977304

-1092-List of Metasploit Commands - Cheatsheet:

https://thehacktoday.com/metasploit-commands/

-1093-A journey into Radare 2 – Part 2: Exploitation:

https://www.megabeets.net/a-journey-into-radare-2-part-2/

-1094-Remote Code Evaluation (Execution) Vulnerability:

https://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/

-1095-Exploiting Python Code Injection in Web Applications:

https://www.securitynewspaper.com/.../exploiting-python-code-injection-web-applicat...

-1096-Shells · Total OSCP Guide:

https://sushant747.gitbooks.io/total-oscp-guide/reverse-shell.html

-1097-MongoDB Injection cheat sheet Archives:

https://blog.securelayer7.net/tag/mongodb-injection-cheat-sheet/

-1098-Basic Shellshock Exploitation:

https://blog.knapsy.com/blog/2014/10/07/basic-shellshock-exploitation/

-1099-Wireshark Tutorial and Tactical Cheat Sheet :

https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/

-1100-Windows Command Line cheatsheet (part 2):

https://www.andreafortuna.org/2017/.../windows-command-line-cheatsheet-part-2-wm...

-1101-Detecting WMI exploitation:

www.irongeek.com/i.php?page=videos/derbycon8/track-3-03...exploitation...

1102-Metasploit Cheat Sheet - Hacking Land :

https://www.hacking.land/2019/02/metasploit-cheat-sheet.html

-1103-5 Practical Scenarios for XSS Attacks:

https://pentest-tools.com/blog/xss-attacks-practical-scenarios/

-1104-Ultimate gdb cheat sheet:

http://nadavclaudecohen.com/2017/10/10/ultimate-gdb-cheat-sheet/

-1105-Reverse Engineering Cheat Sheet:

https://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet

-1106-Reverse Engineering Cheat Sheet:

https://www.scribd.com/document/94575179/Reverse-Engineering-Cheat-Sheet

-1107-Reverse Engineering For Malware Analysis:

https://eforensicsmag.com/reverse_engi_cheatsheet/

-1108-Reverse-engineering Cheat Sheets :

https://www.cheatography.com/tag/reverse-engineering/

-1109-Shortcuts for Understanding Malicious Scripts:

https://www.linkedin.com/pulse/shortcuts-understanding-malicious-scripts-viviana-ross

-1110-WinDbg Malware Analysis Cheat Sheet :

https://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/

-1111-Cheat Sheet for Malware Analysis:

https://www.andreafortuna.org/2016/08/16/cheat-sheet-for-malware-analysis/

-1112-Tips for Reverse-Engineering Malicious Code :

https://www.digitalmunition.me/tips-reverse-engineering-malicious-code-new-cheat-sheet

-1113-Cheatsheet for radare2 :

https://leungs.xyz/reversing/2018/04/16/radare2-cheatsheet.html

-1114-Reverse Engineering Cheat Sheets:

https://www.pinterest.com/pin/576390452300827323/

-1115-Reverse Engineering Resources-Beginners to intermediate Guide/Links:

https://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed

-1116-Malware Resources :

https://www.professor.bike/malware-resources

-1117-Zero-day exploits: A cheat sheet for professionals:

https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/

-1118-Getting cozy with exploit development:

https://0x00sec.org/t/getting-cozy-with-exploit-development/5311

-1119-appsec - Web Security Cheatsheet :

https://security.stackexchange.com/questions/2985/web-security-cheatsheet-todo-list

-1120-PEDA - Python Exploit Development Assistance For GDB:

https://www.pinterest.ru/pin/789044797190775841/

-1121-Exploit Development Introduction (part 1) :

https://www.cybrary.it/video/exploit-development-introduction-part-1/

-1122-Windows Exploit Development: A simple buffer overflow example:

https://medium.com/bugbountywriteup/windows-expliot-dev-101-e5311ac284a

-1123-Exploit Development-Everything You Need to Know:

https://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/

-1124-Exploit Development :

https://0x00sec.org/c/exploit-development

-1125-Exploit Development - Infosec Resources:

https://resources.infosecinstitute.com/category/exploit-development/

-1126-Exploit Development :

https://www.reddit.com/r/ExploitDev/

-1127-A Study in Exploit Development - Part 1: Setup and Proof of Concept :

https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept

-1128-Exploit Development for Beginners:

https://www.youtube.com/watch?v=tVDuuz60KKc

-1129-Introduction to Exploit Development:

https://www.fuzzysecurity.com/tutorials/expDev/1.html

-1130-Exploit Development And Reverse Engineering:

https://www.immunitysec.com/services/exploit-dev-reverse-engineering.html

-1131-wireless forensics:

https://www.sans.org/reading-room/whitepapers/wireless/80211-network-forensic-analysis-33023

-1132-fake AP Detection:

https://www.sans.org/reading-room/whitepapers/detection/detecting-preventing-rogue-devices-network-1866

-1133-In-Depth analysis of SamSam Ransomware:

https://www.crowdstrike.com/blog/an-in-depth-analysis-of-samsam-ransomware-and-boss-spider/

-1134-WannaCry ransomware:

https://www.endgame.com/blog/technical-blog/wcrywanacry-ransomware-technical-analysis

-1135-malware analysis:

https://www.sans.org/reading-room/whitepapers/malicious/paper/2103

-1136-Metasploit's detailed communication and protocol writeup:

https://www.exploit-db.com/docs/english/27935-metasploit---the-exploit-learning-tree.pdf

-1137-Metasploit's SSL-generation module::

https://github.com/rapid7/metasploit-framework/blob/76954957c740525cff2db5a60bcf936b4ee06c42/lib/rex/post/meterpreter/client.rb

-1139-Empire IOCs::

https://www.sans.org/reading-room/whitepapers/detection/disrupting-empire-identifying-powershell-empire-command-control-activity-38315

-1140-excellent free training on glow analysis:

http://opensecuritytraining.info/Flow.html

-1141-NetFlow using Silk:

https://tools.netsa.cert.org/silk/analysis-handbook.pdf

-1142-Deep Packet Inspection:

https://is.muni.cz/th/ql57c/dp-svoboda.pdf

-1143-Detecting Behavioral Personas with OSINT and Datasploit:

https://www.exploit-db.com/docs/45543

-1144-WordPress Penetration Testing using WPScan and MetaSploit:

https://www.exploit-db.com/docs/45556

-1145-Bulk SQL Injection using Burp-to-SQLMap:

https://www.exploit-db.com/docs/45428

-1146-XML External Entity Injection - Explanation and Exploitation:

https://www.exploit-db.com/docs/45374

-1147- Web Application Firewall (WAF) Evasion Techniques #3 (CloudFlare and ModSecurity OWASP CRS3):

https://www.exploit-db.com/docs/45368

-1148-File Upload Restrictions Bypass:

https://www.exploit-db.com/docs/45074

-1149-VLAN Hopping Attack:

https://www.exploit-db.com/docs/45050

-1150-Jigsaw Ransomware Analysis using Volatility:

https://medium.com/@0xINT3/jigsaw-ransomware-analysis-using-volatility-2047fc3d9be9

-1151-Ransomware early detection by the analysis of file sharing traffic:

https://www.sciencedirect.com/science/article/pii/S108480451830300X

-1152-Do You Think You Can Analyse Ransomware?:

https://medium.com/asecuritysite-when-bob-met-alice/do-you-think-you-can-analyse-ransomware-bbc813b95529

-1153-Analysis of LockerGoga Ransomware :

https://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/

-1154-Detection and Forensic Analysis of Ransomware Attacks :

https://www.netfort.com/assets/NetFort-Ransomware-White-Paper.pdf

-1155-Bad Rabbit Ransomware Technical Analysis:

https://logrhythm.com/blog/bad-rabbit-ransomware-technical-analysis/

-1156-NotPetya Ransomware analysis :

https://safe-cyberdefense.com/notpetya-ransomware-analysis/

-1157-Identifying WannaCry on Your Server Using Logs:

https://www.loggly.com/blog/identifying-wannacry-server-using-logs/

-1158-The past, present, and future of ransomware:

https://www.itproportal.com/features/the-past-present-and-future-of-ransomware/

-1159-The dynamic analysis of WannaCry ransomware :

https://ieeexplore.ieee.org/iel7/8318543/8323471/08323682.pdf

-1160-Malware Analysis: Ransomware - SlideShare:

https://www.slideshare.net/davidepiccardi/malware-analysis-ransomware

-1161-Article: Anatomy of ransomware malware: detection, analysis :

https://www.inderscience.com/info/inarticle.php?artid=84399

-1162-Tracking desktop ransomware payments :

https://www.blackhat.com/docs/us-17/wednesday/us-17-Invernizzi-Tracking-Ransomware-End-To-End.pdf

-1163-What is Ransomware? Defined, Explained, and Explored:

https://www.forcepoint.com/cyber-edu/ransomware

-1164-Detect and Recover from Ransomware Attacks:

https://www.indexengines.com/ransomware

-1165-Wingbird rootkit analysis:

https://artemonsecurity.blogspot.com/2017/01/wingbird-rootkit-analysis.html

-1166-Windows Kernel Rootkits: Techniques and Analysis:

https://www.offensivecon.org/trainings/2019/windows-kernel-rootkits-techniques-and-analysis.html

-1167-Rootkit: What is a Rootkit and How to Detect It :

https://www.veracode.com/security/rootkit

-1168-Dissecting Turla Rootkit Malware Using Dynamic Analysis:

https://www.lastline.com/.../dissecting-turla-rootkit-malware-using-dynamic-analysis/

-1169-Rootkits and Rootkit Detection (Windows Forensic Analysis) Part 2:

https://what-when-how.com/windows-forensic-analysis/rootkits-and-rootkit-detection-windows-forensic-analysis-part-2/

-1170-ZeroAccess – an advanced kernel mode rootkit :

https://www.botnetlegalnotice.com/ZeroAccess/files/Ex_12_Decl_Anselmi.pdf

-1171-Rootkit Analysis Identification Elimination:

https://acronyms.thefreedictionary.com/Rootkit+Analysis+Identification+Elimination

-1172-TDL3: The Rootkit of All Evil?:

static1.esetstatic.com/us/resources/white-papers/TDL3-Analysis.pdf

-1173-Avatar Rootkit: Dropper Analysis:

https://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-1/

-1174-Sality rootkit analysis:

https://www.prodefence.org/sality-rootkit-analysis/

-1175-RootKit Hook Analyzer:

https://www.resplendence.com/hookanalyzer/

-1176-Behavioral Analysis of Rootkit Malware:

https://isc.sans.edu/forums/diary/Behavioral+Analysis+of+Rootkit+Malware/1487/

-1177-Malware Memory Analysis of the IVYL Linux Rootkit:

https://apps.dtic.mil/docs/citations/AD1004349

-1178-Analysis of the KNARK rootkit :

https://linuxsecurity.com/news/intrusion-detection/analysis-of-the-knark-rootkit

-1179-32 Bit Windows Kernel Mode Rootkit Lab Setup with INetSim :

https://medium.com/@eaugusto/32-bit-windows-kernel-mode-rootkit-lab-setup-with-inetsim-e49c22e9fcd1

-1180-Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques:

https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process

-1181-Code & Process Injection - Red Teaming Experiments:

https://ired.team/offensive-security/code-injection-process-injection

-1182-What Malware Authors Don't want you to know:

https://www.blackhat.com/.../asia-17-KA-What-Malware-Authors-Don't-Want-You-To-Know

-1183-.NET Process Injection:

https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc

-1184-Memory Injection like a Boss :

https://www.countercept.com/blog/memory-injection-like-a-boss/

-1185-Process injection - Malware style:

https://www.slideshare.net/demeester1/process-injection

-1186-Userland API Monitoring and Code Injection Detection:

https://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565

-1187-Unpacking Redaman Malware & Basics of Self-Injection Packers:

https://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/

-1188-Code injection on macOS:

https://knight.sc/malware/2019/03/15/code-injection-on-macos.html

-1189-(Shell)Code Injection In Linux Userland :

https://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md

-1190-Code injection on Windows using Python:

https://www.andreafortuna.org/2018/08/06/code-injection-on-windows-using-python-a-simple-example/

-1191-What is Reflective DLL Injection and how can be detected?:

https://www.andreafortuna.org/cybersecurity/what-is-reflective-dll-injection-and-how-can-be-detected/

-1192-Windows Process Injection:

https://modexp.wordpress.com/2018/08/23/process-injection-propagate/

-1193-A+ cheat sheet:

https://www.slideshare.net/abnmi/a-cheat-sheet

-1194-A Bettercap Tutorial — From Installation to Mischief:

https://danielmiessler.com/study/bettercap/

-1195-Debugging Malware with WinDbg:

https://www.ixiacom.com/company/blog/debugging-malware-windbg

-1195-Malware analysis, my own list of tools and resources:

https://www.andreafortuna.org/2016/08/05/malware-analysis-my-own-list-of-tools-and-resources/

-1196-Getting Started with Reverse Engineering:

https://lospi.net/developing/software/.../assembly/2015/03/.../reversing-with-ida.html

-1197-Debugging malicious windows scriptlets with Google chrome:

https://medium.com/@0xamit/debugging-malicious-windows-scriptlets-with-google-chrome-c31ba409975c

-1198-Intro to Radare2 for Malware Analysis:

https://malwology.com/2018/11/30/intro-to-radare2-for-malware-analysis/

-1199-Intro to Malware Analysis and Reverse Engineering:

https://www.cybrary.it/course/malware-analysis/

-1200-Common Malware Persistence Mechanisms:

https://resources.infosecinstitute.com/common-malware-persistence-mechanisms/

-1201-Finding Registry Malware Persistence with RECmd:

https://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd

-1202-Windows Malware Persistence Mechanisms :

https://www.swordshield.com/blog/windows-malware-persistence-mechanisms/

-1203- persistence techniques:

https://www.andreafortuna.org/2017/07/06/malware-persistence-techniques/

-1204- Persistence Mechanism - an overview | ScienceDirect Topics:

https://www.sciencedirect.com/topics/computer-science/persistence-mechanism

-1205-Malware analysis for Linux:

https://www.sothis.tech/en/malware-analysis-for-linux-wirenet/

-1206-Linux Malware Persistence with Cron:

https://www.sandflysecurity.com/blog/linux-malware-persistence-with-cron/

-1207-What is advanced persistent threat (APT)? :

https://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT

-1208-Malware Analysis, Part 1: Understanding Code Obfuscation :

https://www.vadesecure.com/en/malware-analysis-understanding-code-obfuscation-techniques/

-1209-Top 6 Advanced Obfuscation Techniques:

https://sensorstechforum.com/advanced-obfuscation-techniques-malware/

-1210-Malware Obfuscation Techniques:

https://dl.acm.org/citation.cfm?id=1908903

-1211-How Hackers Hide Their Malware: Advanced Obfuscation:

https://www.darkreading.com/attacks-breaches/how-hackers-hide-their-malware-advanced-obfuscation/a/d-id/1329723

-1212-Malware obfuscation techniques: four simple examples:

https://www.andreafortuna.org/2016/10/13/malware-obfuscation-techniques-four-simple-examples/

-1213-Malware Monday: Obfuscation:

https://medium.com/@bromiley/malware-monday-obfuscation-f65239146db0

-1213-Challenge of Malware Analysis: Malware obfuscation Techniques:

https://www.ijiss.org/ijiss/index.php/ijiss/article/view/327

-1214-Static Malware Analysis - Infosec Resources:

https://resources.infosecinstitute.com/malware-analysis-basics-static-analysis/

-1215-Malware Basic Static Analysis:

https://medium.com/@jain.sm/malware-basic-static-analysis-cf19b4600725

-1216-Difference Between Static Malware Analysis and Dynamic Malware Analysis:

http://www.differencebetween.net/technology/difference-between-static-malware-analysis-and-dynamic-malware-analysis/

-1217-What is Malware Analysis | Different Tools for Malware Analysis:

https://blog.comodo.com/different-techniques-for-malware-analysis/

-1218-Detecting Malware Pre-execution with Static Analysis and Machine Learning:

https://www.sentinelone.com/blog/detecting-malware-pre-execution-static-analysis-machine-learning/

-1219-Limits of Static Analysis for Malware Detection:

https://ieeexplore.ieee.org/document/4413008

-1220-Kernel mode versus user mode:

https://blog.codinghorror.com/understanding-user-and-kernel-mode/

-1221-Understanding the ELF:

https://medium.com/@MrJamesFisher/understanding-the-elf-4bd60daac571

-1222-Windows Privilege Abuse: Auditing, Detection, and Defense:

https://medium.com/palantir/windows-privilege-abuse-auditing-detection-and-defense-3078a403d74e

-1223-First steps to volatile memory analysis:

https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1

-1224-Maliciously Mobile: A Brief History of Mobile Malware:

https://medium.com/threat-intel/mobile-malware-infosec-history-70f3fcaa61c8

-1225-Modern Binary Exploitation Writeups 0x01:

https://medium.com/bugbountywriteup/binary-exploitation-5fe810db3ed4

-1226-Exploit Development 01 — Terminology:

https://medium.com/@MKahsari/exploit-development-01-terminology-db8c19db80d5

-1227-Zero-day exploits: A cheat sheet for professionals:

https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/

-1228-Best google hacking list on the net:

https://pastebin.com/x5LVJu9T

-1229-Google Hacking:

https://pastebin.com/6nsVK5Xi

-1230-OSCP links:

https://pastebin.com/AiYV80uQ

-1231-Pentesting 1 Information gathering:

https://pastebin.com/qLitw9eT

-1232-OSCP-Survival-Guide:

https://pastebin.com/kdc6th08

-1233-Googledork:

https://pastebin.com/qKwU37BK

-1234-Exploit DB:

https://pastebin.com/De4DNNKK

-1235-Dorks:

https://pastebin.com/cfVcqknA

-1236-GOOGLE HACKİNG DATABASE:

https://pastebin.com/1ndqG7aq

-1237-Carding Dorks 2019:

https://pastebin.com/Hqsxu6Nn

-1238-17k Carding Dorks 2019:

https://pastebin.com/fgdZxy74

-1239-CARDING DORKS 2019:

https://pastebin.com/Y7KvzZqg

-1240-sqli dork 2019:

https://pastebin.com/8gdeLYvU

-1241-Private Carding Dorks 2018:

https://pastebin.com/F0KxkMMD

-1242-20K dorks list fresh full carding 2018:

https://pastebin.com/LgCh0NRJ

-1243-8k Carding Dorks :):

https://pastebin.com/2bjBPiEm

-1244-8500 SQL DORKS:

https://pastebin.com/yeREBFzp

-1245-REAL CARDING DORKS:

https://pastebin.com/0kMhA0Gb

-1246-15k btc dorks:

https://pastebin.com/zbbBXSfG

-1247-Sqli dorks 2016-2017:

https://pastebin.com/7TQiMj3A

-1248-Here is kind of a tutorial on how to write google dorks.:

https://pastebin.com/hZCXrAFK

-1249-10k Private Fortnite Dorks:

https://pastebin.com/SF9UmG1Y

-1250-find login panel dorks:

https://pastebin.com/9FGUPqZc

-1251-Shell dorks:

https://pastebin.com/iZBFQ5yp

-1252-HQ PAID GAMING DORKS:

https://pastebin.com/vNYnyW09

-1253-10K HQ Shopping DORKS:

https://pastebin.com/HTP6rAt4

-1254-Exploit Dorks for Joomla,FCK and others 2015 Old but gold:

https://pastebin.com/ttxAJbdW

-1255-Gain access to unsecured IP cameras with these Google dorks:

https://pastebin.com/93aPbwwE

-1256-new fresh dorks:

https://pastebin.com/ZjdxBbNB

-1257-SQL DORKS FOR CC:

https://pastebin.com/ZQTHwk2S

-1258-Wordpress uploadify Dorks Priv8:

https://pastebin.com/XAGmHVUr

-1259-650 DORKS CC:

https://pastebin.com/xZHARTyz

-1260-3k Dorks Shopping:

https://pastebin.com/e1XiNa8M

-1261-DORKS 2018 :

https://pastebin.com/YAZkPJ0j

-1262-HQ FORTNITE DORKS LIST:

https://pastebin.com/rzhiNad8

-1263-HQ PAID DORKS MIXED GAMING LOL STEAM ..MUSIC SHOPING:

https://pastebin.com/VwVpAvj2

-1264-Camera dorks:

https://pastebin.com/fsARft2j

-1265-Admin Login Dorks:

https://pastebin.com/HWWNZCph

-1266-sql gov dorks:

https://pastebin.com/C8wqyNW8

-1267-10k hq gaming dorks:

https://pastebin.com/cDLN8edi

-1268-HQ SQLI Google Dorks For Shops/Amazon! Enjoy! :

https://pastebin.com/y59kK2h0

-1269-Dorks:

https://pastebin.com/PKvZYMAa

-1270-10k btc dorks:

https://pastebin.com/vRnxvbCu

-1271-7,000 Dorks for hacking into various sites:

https://pastebin.com/n8JVQv3X

-1272-List of information gathering search engines/tools etc:

https://pastebin.com/GTX9X5tF

-1273-FBOSINT:

https://pastebin.com/5KqnFS0B

-1274-Ultimate Penetration Testing:

https://pastebin.com/4EEeEnXe

-1275-massive list of information gathering search engines/tools :

https://pastebin.com/GZ9TVxzh

-1276-CEH Class:

https://pastebin.com/JZdCHrN4

-1277-CEH/CHFI Bundle Study Group Sessions:

https://pastebin.com/XTwksPK7

-1278-OSINT - Financial:

https://pastebin.com/LtxkUi0Y

-1279-Most Important Security Tools and Resources:

https://pastebin.com/cGE8rG04

-1280-OSINT resources from inteltechniques.com:

https://pastebin.com/Zbdz7wit

-1281-Red Team Tips:

https://pastebin.com/AZDBAr1m

-1282-OSCP Notes by Ash:

https://pastebin.com/wFWx3a7U

-1283-OSCP Prep:

https://pastebin.com/98JG5f2v

-1284-OSCP Review/Cheat Sheet:

https://pastebin.com/JMMM7t4f

-1285-OSCP Prep class:

https://pastebin.com/s59GPJrr

-1286-Complete Anti-Forensics Guide:

https://pastebin.com/6V6wZK0i

-1287-The Linux Command Line Cheat Sheet:

https://pastebin.com/PUtWDKX5

-1288-Command-Line Log Analysis:

https://pastebin.com/WEDwpcz9

-1289-An A-Z Index of the Apple macOS command line (OS X):

https://pastebin.com/RmPLQA5f

-1290-San Diego Exploit Development 2018:

https://pastebin.com/VfwhT8Yd

-1291-Windows Exploit Development Megaprimer:

https://pastebin.com/DvdEW4Az

-1292-Some Free Reverse engineering resources:

https://pastebin.com/si2ThQPP

-1293-Sans:

https://pastebin.com/MKiSnjLm

-1294-Metasploit Next Level:

https://pastebin.com/0jC1BUiv

-1295-Just playing around....:

https://pastebin.com/gHXPzf6B

-1296-Red Team Course:

https://pastebin.com/YUYSXNpG

-1297-New Exploit Development 2018:

https://pastebin.com/xaRxgYqQ

-1298-Good reviews of CTP/OSCE (in no particular order)::

https://pastebin.com/RSPbatip

-1299-Vulnerability Research Engineering Bookmarks Collection v1.0:

https://pastebin.com/8mUhjGSU

-1300-Professional-hacker's Pastebin :

https://pastebin.com/u/Professional-hacker

-1301-Google Cheat Sheet:

http://www.googleguide.com/print/adv_op_ref.pdf

-1302-Shodan for penetration testers:

https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf

-1303-Linux networking tools:

https://gist.github.com/miglen/70765e663c48ae0544da08c07006791f

-1304-DNS spoofing with NetHunter:

https://cyberarms.wordpress.com/category/nethunter-tutorial/

-1305-Tips on writing a penetration testing report:

https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343

-1306-Technical penetration report sample:

https://tbgsecurity.com/wordpress/wp-content/uploads/2016/11/Sample-Penetration-Test-Report.pdf

-1307-Nessus sample reports:

https://www.tenable.com/products/nessus/sample-reports

-1308-Sample penetration testing report:

https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf

-1309-jonh-the-ripper-cheat-sheet:

https://countuponsecurity.com/2015/06/14/jonh-the-ripper-cheat-sheet/

-1310-ultimate guide to cracking foreign character passwords using hashcat:

http://www.netmux.com/blog/ultimate-guide-to-cracking-foreign-character-passwords-using-has

-1311-Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_III:

https://www.unix-ninja.com/p/Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_III

-1312-cracking story how i cracked over 122 million sha1 and md5 hashed passwords:

http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords/

-1313-CSA (Cloud Security Alliance) Security White Papers:

https://cloudsecurityalliance.org/download/

-1314-NIST Security Considerations in the System Development Life Cycle:

https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-64r2.pdf

-1315-ISO 29100 information technology security techniques privacy framework:

https://www.iso.org/standard/45123.html

-1316-NIST National Checklist Program:

https://nvd.nist.gov/ncp/repository

-1317-OWASP Guide to Cryptography:

https://www.owasp.org/index.php/Guide_to_Cryptography

-1318-NVD (National Vulnerability Database):

https://nvd.nist.gov/

-1319-CVE details:

https://cvedetails.com/

-1320-CIS Cybersecurity Tools:

https://www.cisecurity.org/cybersecurity-tools/

-1321-Security aspects of virtualization by ENISA:

https://www.enisa.europa.eu/publications/security-aspects-of-virtualization/

-1322-CIS Benchmarks also provides a security guide for VMware, Docker, and Kubernetes:

https://www.cisecurity.org/cis-benchmarks/

-1323-OpenStack's hardening of the virtualization layer provides a secure guide to building the virtualization layer:

https://docs.openstack.org/security-guide/compute/hardening-the-virtualization-layers.html

-1324-Docker security:

https://docs.docker.com/engine/security/security/

-1325-Microsoft Security Development Lifecycle:

http://www.microsoft.com/en-us/SDL/

-1326-OWASP SAMM Project:

https://www.owasp.org/index.php/OWASP_SAMM_Project

-1327-CWE/SANS Top 25 Most Dangerous Software Errors:

https://cwe.mitre.org/top25/

-1329-OWASP Vulnerable Web Applications Directory Project:

https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

-1330-CERT Secure Coding Standards:

https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards

-1331-NIST Special Publication 800-53:

https://nvd.nist.gov/800-53

-1332-SAFECode Security White Papers:

https://safecode.org/publications/

-1333-Microsoft Threat Modeling tool 2016:

https://aka.ms/tmt2016/

-1334-Apache Metron for real-time big data security:

http://metron.apache.org/documentation/

-1335-Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process:

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf

-1336-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:

http://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-18r1.pdf

-1337-ITU-T X.805 (10/2003) Security architecture for systems providing end- to-end communications:

https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.805-200310-I!!PDF-E&type=items

-1338-ETSI TS 102 165-1 V4.2.1 (2006-12) : Method and proforma for Threat, Risk, Vulnerability Analysis:

http://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/04.02.01_60/ts_10216501v040201p.pdf

-1339-SAFECode Fundamental Practices for Secure Software Development:

https://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf

-1340-NIST 800-64 Security Considerations in the System Development Life Cycle:

https://csrc.nist.gov/publications/detail/sp/800-64/rev-2/final

-1341-SANS A Security Checklist for Web Application Design:

https://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389

-1342-Best Practices for implementing a Security Awareness Program:

https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf

-1343-ETSI TS 102 165-1 V4.2.1 (2006-12): Method and proforma for Threat, Risk, Vulnerability Analysis:

http://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/04.02.03_60/ts_10216501v040203p.pdf

-1344-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:

https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final

-1345-SafeCode Tactical Threat Modeling:

https://safecode.org/safecodepublications/tactical-threat-modeling/

-1346-SANS Web Application Security Design Checklist:

https://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389

-1347-Data Anonymization for production data dumps:

https://github.com/sunitparekh/data-anonymization

-1348-SANS Continuous Monitoring—What It Is, Why It Is Needed, and How to Use It:

https://www.sans.org/reading-room/whitepapers/analyst/continuous-monitoring-is-needed-35030

-1349-Guide to Computer Security Log Management:

https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=50881

-1350-Malware Indicators:

https://github.com/citizenlab/malware-indicators

-1351-OSINT Threat Feeds:

https://www.circl.lu/doc/misp/feed-osint/

-1352-SANS How to Use Threat Intelligence effectively:

https://www.sans.org/reading-room/whitepapers/analyst/threat-intelligence-is-effectively-37282

-1353-NIST 800-150 Guide to Cyber Threat Information Sharing:

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-150.pdf

-1354-Securing Web Application Technologies Checklist:

https://software-security.sans.org/resources/swat

-1355-Firmware Security Training:

https://github.com/advanced-threat-research/firmware-security-training

-1356-Burp Suite Bootcamp:

https://pastebin.com/5sG7Rpg5

-1357-Web app hacking:

https://pastebin.com/ANsw7WRx

-1358-XSS Payload:

https://pastebin.com/EdxzE4P1

-1359-XSS Filter Evasion Cheat Sheet:

https://pastebin.com/bUutGfSy

-1360-Persistence using RunOnceEx – Hidden from Autoruns.exe:

https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/

-1361-Windows Operating System Archaeology:

https://www.slideshare.net/enigma0x3/windows-operating-system-archaeology

-1362-How to Backdoor Windows 10 Using an Android Phone & USB Rubber Ducky:

https://www.prodefence.org/how-to-backdoor-windows-10-using-an-android-phone-usb-rubber-ducky/

-1363-Malware Analysis using Osquery :

https://hackernoon.com/malware-analysis-using-osquery-part-2-69f08ec2ecec

-1364-Tales of a Blue Teamer: Detecting Powershell Empire shenanigans with Sysinternals :

https://holdmybeersecurity.com/2019/02/27/sysinternals-for-windows-incident-response/

-1365-Userland registry hijacking:

https://3gstudent.github.io/Userland-registry-hijacking/

-1366-Malware Hiding Techniques to Watch for: AlienVault Labs:

https://www.alienvault.com/blogs/labs-research/malware-hiding-techniques-to-watch-for-alienvault-labs

-1367- Full text of "Google hacking for penetration testers" :

https://archive.org/stream/pdfy-TPtNL6_ERVnbod0r/Google+Hacking+-+For+Penetration+Tester_djvu.txt

-1368- Full text of "Long, Johnny Google Hacking For Penetration Testers" :

https://archive.org/stream/LongJohnnyGoogleHackingForPenetrationTesters/Long%2C%20Johnny%20-%20Google%20Hacking%20for%20Penetration%20Testers_djvu.txt

-1369- Full text of "Coding For Penetration Testers" :

https://archive.org/stream/CodingForPenetrationTesters/Coding%20for%20Penetration%20Testers_djvu.txt

-1370- Full text of "Hacking For Dummies" :

https://archive.org/stream/HackingForDummies/Hacking%20For%20Dummies_djvu.txt

-1371-Full text of "Wiley. Hacking. 5th. Edition. Jan. 2016. ISBN. 1119154685. Profescience.blogspot.com" :

https://archive.org/stream/Wiley.Hacking.5th.Edition.Jan.2016.ISBN.1119154685.Profescience.blogspot.com/Wiley.Hacking.5th.Edition.Jan.2016.ISBN.1119154685.Profescience.blogspot.com_djvu.txt

-1372- Full text of "Social Engineering The Art Of Human Hacking" :

https://archive.org/stream/SocialEngineeringTheArtOfHumanHacking/Social%20Engineering%20-%20The%20Art%20of%20Human%20Hacking_djvu.txt

-1373- Full text of "CYBER WARFARE" :

https://archive.org/stream/CYBERWARFARE/CYBER%20WARFARE_djvu.txt

-1374-Full text of "NSA DOCID: 4046925 Untangling The Web: A Guide To Internet Research" :

https://archive.org/stream/Untangling_the_Web/Untangling_the_Web_djvu.txt

-1375- Full text of "sectools" :

https://archive.org/stream/sectools/hack-the-stack-network-security_djvu.txt

-1376- Full text of "Aggressive network self-defense" :

https://archive.org/stream/pdfy-YNtvDJueGZb1DCDA/Aggressive%20Network%20Self-Defense_djvu.txt

-1377-Community Texts:

https://archive.org/details/opensource?and%5B%5D=%28language%3Aeng+OR+language%3A%22English%22%29+AND+subject%3A%22google%22

-1378- Full text of "Cyber Spying - Tracking (sometimes).PDF (PDFy mirror)" :

https://archive.org/stream/pdfy-5-Ln_yPZ22ondBJ8/Cyber%20Spying%20-%20Tracking%20%28sometimes%29_djvu.txt

-1379- Full text of "Enzyclopedia Of Cybercrime" :

https://archive.org/stream/EnzyclopediaOfCybercrime/Enzyclopedia%20Of%20Cybercrime_djvu.txt

-1380- Full text of "Information Security Management Handbook" :

https://archive.org/stream/InformationSecurityManagementHandbook/Information%20Security%20Management%20Handbook_djvu.txt

-1381- Full text of "ARMArchitecture Reference Manual" :

https://archive.org/stream/ARMArchitectureReferenceManual/DetectionOfIntrusionsAndMalwareAndVulnerabilityAssessment2016_djvu.txt

-1382- Full text of "Metasploit The Penetration Tester S Guide" :

https://archive.org/stream/MetasploitThePenetrationTesterSGuide/Metasploit-The+Penetration+Tester+s+Guide_djvu.txt

-1383-Tips & tricks to master Google’s search engine:

https://medium.com/infosec-adventures/google-hacking-39599373be7d

-1384-Ethical Google Hacking - Sensitive Doc Dork (Part 2) :

https://securing-the-stack.teachable.com/courses/ethical-google-hacking-1/lectures/3877866

-1385- Google Hacking Secrets:the Hidden Codes of Google :

https://www.ma-no.org/en/security/google-hacking-secrets-the-hidden-codes-of-google

-1386-google hacking:

https://www.slideshare.net/SamNizam/3-google-hacking

-1387-How Penetration Testers Use Google Hacking:

https://www.cqure.nl/kennisplatform/how-penetration-testers-use-google-hacking

-1388-Free Automated Malware Analysis Sandboxes and Services:

https://zeltser.com/automated-malware-analysis/

-1389-How to get started with Malware Analysis and Reverse Engineering:

https://0ffset.net/miscellaneous/how-to-get-started-with-malware-analysis/

-1390-Handy Tools And Websites For Malware Analysis:

https://www.informationsecuritybuzz.com/articles/handy-tools-and-websites/

-1391-Dynamic Malware Analysis:

prasannamundas.com/share/dynamic-malware-analysis/

-1392-Intro to Radare2 for Malware Analysis:

https://malwology.com/2018/11/30/intro-to-radare2-for-malware-analysis/

-1393-Detecting malware through static and dynamic techniques:

https://technical.nttsecurity.com/.../detecting-malware-through-static-and-dynamic-tec...

-1394-Malware Analysis Tutorial : Tricks for Confusing Static Analysis Tools:

https://www.prodefence.org/malware-analysis-tutorial-tricks-confusing-static-analysis-tools

-1395-Malware Analysis Lab At Home In 5 Steps:

https://ethicalhackingguru.com/malware-analysis-lab-at-home-in-5-steps/

-1396-Malware Forensics Guide - Static and Dynamic Approach:

https://www.yeahhub.com/malware-forensics-guide-static-dynamic-approach/

-1397-Top 30 Bug Bounty Programs in 2019:

https://www.guru99.com/bug-bounty-programs.html

-1398-Introduction - Book of BugBounty Tips:

https://gowsundar.gitbook.io/book-of-bugbounty-tips/

-1399-List of bug bounty writeups:

https://pentester.land/list-of-bug-bounty-writeups.html

-1400-Tips From A Bugbounty Hunter:

https://www.secjuice.com/bugbounty-hunter/

-1401-Cross Site Scripting (XSS) - Book of BugBounty Tips:

https://gowsundar.gitbook.io/book-of-bugbounty-tips/cross-site-scripting-xss

-1402-BugBountyTips:

https://null0xp.wordpress.com/tag/bugbountytips/

-1403-Xss Filter Bypass Payloads:

www.oroazteca.net/mq67/xss-filter-bypass-payloads.html

-1404-Bug Bounty Methodology:

https://eforensicsmag.com/bug-bounty-methodology-ttp-tacticstechniques-and-procedures-v-2-0

-1405-GDB cheat-sheet for exploit development:

www.mannulinux.org/2017/01/gdb-cheat-sheet-for-exploit-development.html

-1406-A Study in Exploit Development - Part 1: Setup and Proof of Concept :

https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept

-1407-Exploit development tutorial :

https://www.computerweekly.com/tutorial/Exploit-development-tutorial-Part-Deux

-1408-exploit code development:

http://www.phreedom.org/presentations/exploit-code-development/exploit-code-development.pdf

-1409-“Help Defeat Denial of Service Attacks: Step-by-Step”:

http://www.sans.org/dosstep/

-1410-Internet Firewalls: Frequently Asked Questions:

http://www.interhack.net/pubs/fwfaq/

-1411-Service Name and Transport Protocol Port Number:

http://www.iana.org/assignments/port-numbers

-1412-10 Useful Open Source Security Firewalls for Linux Systems:

https://www.tecmint.com/open-source-security-firewalls-for-linux-systems/

-1413-40 Linux Server Hardening Security Tips:

https://www.cyberciti.biz/tips/linux-security.html

-1414-Linux hardening: A 15-step checklist for a secure Linux server :

https://www.computerworld.com/.../linux-hardening-a-15-step-checklist-for-a-secure-linux-server

-1415-25 Hardening Security Tips for Linux Servers:

https://www.tecmint.com/linux-server-hardening-security-tips/

-1416-How to Harden Unix/Linux Systems & Close Security Gaps:

https://www.beyondtrust.com/blog/entry/harden-unix-linux-systems-close-security-gaps

-1417-34 Linux Server Security Tips & Checklists for Sysadmins:

https://www.process.st/server-security/

-1418-Linux Hardening:

https://www.slideshare.net/MichaelBoelen/linux-hardening

-1419-23 Hardening Tips to Secure your Linux Server:

https://www.rootusers.com/23-hardening-tips-to-secure-your-linux-server/

-1420-What is the Windows Registry? :

https://www.computerhope.com/jargon/r/registry.htm

-1421-Windows Registry, Everything You Need To Know:

https://www.gammadyne.com/registry.htm

-1422-Windows Registry Tutorial:

https://www.akadia.com/services/windows_registry_tutorial.html

-1423-5 Tools to Scan a Linux Server for Malware and Rootkits:

https://www.tecmint.com/scan-linux-for-malware-and-rootkits/

-1424-Subdomain takeover dew to missconfigured project settings for Custom domain .:

https://medium.com/bugbountywriteup/subdomain-takeover-dew-to-missconfigured-project-settings-for-custom-domain-46e90e702969

-1425-Massive Subdomains p0wned:

https://medium.com/bugbountywriteup/massive-subdomains-p0wned-80374648336e

-1426-Subdomain Takeover: Basics:

https://0xpatrik.com/subdomain-takeover-basics/

-1427-Subdomain Takeover: Finding Candidates:

https://0xpatrik.com/subdomain-takeover-candidates/

-1428-Bugcrowd's Domain & Subdomain Takeover!:

https://bugbountypoc.com/bugcrowds-domain-takeover/

-1429-What Are Subdomain Takeovers, How to Test and Avoid Them?:

https://dzone.com/articles/what-are-subdomain-takeovers-how-to-test-and-avoid

-1430-Finding Candidates for Subdomain Takeovers:

https://jarv.is/notes/finding-candidates-subdomain-takeovers/

-1431-Subdomain takeover of blog.snapchat.com:

https://hackernoon.com/subdomain-takeover-of-blog-snapchat-com-60860de02fe7

-1432-Hostile Subdomain takeove:

https://labs.detectify.com/tag/hostile-subdomain-takeover/

-1433-Microsoft Account Takeover Vulnerability Affecting 400 Million Users:

https://www.safetydetective.com/blog/microsoft-outlook/

-1434-What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?:

https://blog.securitybreached.org/2017/10/11/what-is-subdomain-takeover-vulnerability/

-1435-Subdomain takeover detection with AQUATONE:

https://michenriksen.com/blog/subdomain-takeover-detection-with-aquatone/

-1436-A hostile subdomain takeover! – Breaking application security:

https://evilenigma.blog/2019/03/12/a-hostile-subdomain-takeover/

-1437-Web Development Reading List:

https://www.smashingmagazine.com/2017/03/web-development-reading-list-172/

-1438-CSRF Attack can lead to Stored XSS:

https://medium.com/bugbountywriteup/csrf-attack-can-lead-to-stored-xss-f40ba91f1e4f

-1439-What is Mimikatz: The Beginner's Guide | Varonis:

https://www.varonis.com/bog/what-is-mimikatz

-1440-Preventing Mimikatz Attacks :

https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5

-1441-Mimikatz tutorial: How it hacks Windows passwords, credentials:

https://searchsecurity.techtarget.com/.../Mimikatz-tutorial-How-it-hacks-Windows-passwords-credentials

-1442-Mimikatz: Walkthrough [Updated 2019]:

https://resources.infosecinstitute.com/mimikatz-walkthrough/

-1443-Mimikatz -Windows Tutorial for Beginner:

https://hacknpentest.com/mimikatz-windows-tutorial-beginners-guide-part-1/

-1444-Mitigations against Mimikatz Style Attacks:

https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks

-1445-Exploring Mimikatz - Part 1 :

https://blog.xpnsec.com/exploring-mimikatz-part-1/

-1446-Powershell AV Evasion. Running Mimikatz with PowerLine:

https://jlajara.gitlab.io/posts/2019/01/27/Mimikatz-AV-Evasion.html

-1447-How to Steal Windows Credentials with Mimikatz and Metasploit:

https://www.hackingloops.com/mimikatz/

-1448-Retrieving NTLM Hashes without touching LSASS:

https://www.andreafortuna.org/2018/03/26/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/

-1449-From Responder to NT Authority\SYSTEM:

https://medium.com/bugbountywriteup/from-responder-to-nt-authority-system-39abd3593319

-1450-Getting Creds via NTLMv2:

https://0xdf.gitlab.io/2019/01/13/getting-net-ntlm-hases-from-windows.html

-1451-Living off the land: stealing NetNTLM hashes:

https://www.securify.nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html

-1452-(How To) Using Responder to capture passwords on a Windows:

www.securityflux.com/?p=303

-1453-Pwning with Responder - A Pentester's Guide:

https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/

-1454-LLMNR and NBT-NS Poisoning Using Responder:

https://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/

-1455-Responder - Ultimate Guide :

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/guide/

-1456-Responder - CheatSheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

-1457-LM, NTLM, Net-NTLMv2, oh my! :

https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4

-1458-SMB Relay Attack Tutorial:

https://intrinium.com/smb-relay-attack-tutorial

-1459-Cracking NTLMv2 responses captured using responder:

https://zone13.io/post/cracking-ntlmv2-responses-captured-using-responder/

-1460-Skip Cracking Responder Hashes and Relay Them:

https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/

-1461-Metasploit's First Antivirus Evasion Modules:

https://blog.rapid7.com/2018/10/09/introducing-metasploits-first-evasion-module/

-1462-Evading Anti-virus Part 1: Infecting EXEs with Shellter:

https://www.hackingloops.com/evading-anti-virus-shellter/

-1463-Evading AV with Shellter:

https://www.securityartwork.es/2018/11/02/evading-av-with-shellter-i-also-have-sysmon-and-wazuh-i/

-1464-Shellter-A Shellcode Injecting Tool :

https://www.hackingarticles.in/shellter-a-shellcode-injecting-tool/

-1465-Bypassing antivirus programs using SHELLTER:

https://myhackstuff.com/shellter-bypassing-antivirus-programs/

-1466-John the Ripper step-by-step tutorials for end-users :

openwall.info/wiki/john/tutorials

-1467-Beginners Guide for John the Ripper (Part 1):

https://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/

-1468-John the Ripper Basics Tutorial:

https://ultimatepeter.com/john-the-ripper-basics-tutorial/

-1469-Crack Windows password with john the ripper:

https://www.securitynewspaper.com/2018/11/27/crack-windows-password-with-john-the-ripper/

-1470-Getting Started Cracking Password Hashes with John the Ripper :

https://www.tunnelsup.com/getting-started-cracking-password-hashes/

-1471-Shell code exploit with Buffer overflow:

https://medium.com/@jain.sm/shell-code-exploit-with-buffer-overflow-8d78cc11f89b

-1472-Shellcoding for Linux and Windows Tutorial :

www.vividmachines.com/shellcode/shellcode.html

-1473-Buffer Overflow Practical Examples :

https://0xrick.github.io/binary-exploitation/bof5/

-1474-Msfvenom shellcode analysis:

https://snowscan.io/msfvenom-shellcode-analysis/

-1475-Process Continuation Shellcode:

https://azeria-labs.com/process-continuation-shellcode/

-1476-Dynamic Shellcode Execution:

https://www.countercept.com/blog/dynamic-shellcode-execution/

-1477-Tutorials: Writing shellcode to binary files:

https://www.fuzzysecurity.com/tutorials/7.html

-1478-Creating Shellcode for an Egg Hunter :

https://securitychops.com/2018/05/26/slae-assignment-3-egghunter-shellcode.html

-1479-How to: Shellcode to reverse bind a shell with netcat :

www.hackerfall.com/story/shellcode-to-reverse-bind-a-shell-with-netcat

-1480-Bashing the Bash — Replacing Shell Scripts with Python:

https://medium.com/capital-one-tech/bashing-the-bash-replacing-shell-scripts-with-python-d8d201bc0989

-1481-How to See All Devices on Your Network With nmap on Linux:

https://www.howtogeek.com/.../how-to-see-all-devices-on-your-network-with-nmap-on-linux

-1482-A Complete Guide to Nmap:

https://www.edureka.co/blog/nmap-tutorial/

-1483-Nmap from Beginner to Advanced :

https://resources.infosecinstitute.com/nmap/

-1484-Using Wireshark: Identifying Hosts and Users:

https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/

-1485-tshark tutorial and filter examples:

https://hackertarget.com/tshark-tutorial-and-filter-examples/

-1486-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example:

https://www.guru99.com/fuzz-testing.html

-1487-Tutorial: Dumb Fuzzing - Peach Community Edition:

community.peachfuzzer.com/v3/TutorialDumbFuzzing.html

-1488-HowTo: ExploitDev Fuzzing:

https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/

-1489-Fuzzing with Metasploit:

https://www.corelan.be/?s=fuzzing

-1490-Fuzzing – how to find bugs automagically using AFL:

9livesdata.com/fuzzing-how-to-find-bugs-automagically-using-afl/

-1491-Introduction to File Format Fuzzing & Exploitation:

https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

-1492-0x3 Python Tutorial: Fuzzer:

https://www.primalsecurity.net/0x3-python-tutorial-fuzzer/

-1493-Hunting For Bugs With AFL:

https://research.aurainfosec.io/hunting-for-bugs-101/

-1494-Fuzzing: The New Unit Testing:

https://www.slideshare.net/DmitryVyukov/fuzzing-the-new-unit-testing

-1495-Fuzzing With Peach Framework:

https://www.terminatio.org/fuzzing-peach-framework-full-tutorial-download/

-1496-How we found a tcpdump vulnerability using cloud fuzzing:

https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/

-1497-Finding a Fuzzer: Peach Fuzzer vs. Sulley:

https://medium.com/@jtpereyda/finding-a-fuzzer-peach-fuzzer-vs-sulley-1fcd6baebfd4

-1498-Android malware analysis:

https://www.slideshare.net/rossja/android-malware-analysis-71109948

-1499-15+ Malware Analysis Tools & Techniques :

https://www.template.net/business/tools/malware-analysis/

-1500-30 Online Malware Analysis Sandboxes / Static Analyzers:

https://medium.com/@su13ym4n/15-online-sandboxes-for-malware-analysis-f8885ecb8a35

-1501-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:

https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/

-1502-Cheat Sheets - SANS Digital Forensics:

https://digital-forensics.sans.org/community/cheat-sheets

-1503-Breach detection with Linux filesystem forensics:

https://opensource.com/article/18/4/linux-filesystem-forensics

-1504-Digital Forensics Cheat Sheets Collection :

https://neverendingsecurity.wordpress.com/digital-forensics-cheat-sheets-collection/

-1505-Security Incident Survey Cheat Sheet for Server Administrators:

https://zeltser.com/security-incident-survey-cheat-sheet/

-1506-Digital forensics: A cheat sheet :

https://www.techrepublic.com/article/digital-forensics-the-smart-persons-guide/

-1507-Windows Registry Forensics using 'RegRipper' Command-Line on Linux:

https://www.pinterest.cl/pin/794815034207804059/

-1508-Windows IR Live Forensics Cheat Sheet:

https://www.cheatography.com/koriley/cheat-sheets/windows-ir-live-forensics/

-1509-10 Best Known Forensics Tools That Works on Linux:

https://linoxide.com/linux-how-to/forensics-tools-linux/

-1510-Top 20 Free Digital Forensic Investigation Tools for SysAdmins:

https://techtalk.gfi.com/top-20-free-digital-forensic-investigation-tools-for-sysadmins/

-1511-Windows Volatile Memory Acquisition & Forensics 2018:

https://medium.com/@lucideus/windows-volatile-memory-acquisition-forensics-2018-lucideus-forensics-3f297d0e5bfd

-1512-PowerShell Cheat Sheet :

https://www.digitalforensics.com/blog/powershell-cheat-sheet-2/

-1513-Forensic Artifacts: evidences of program execution on Windows systems:

https://www.andreafortuna.org/forensic-artifacts-evidences-of-program-execution-on-windows-systems

-1514-How to install a CPU?:

https://www.computer-hardware-explained.com/how-to-install-a-cpu.html

-1515-How To Upgrade and Install a New CPU or Motherboard:

https://www.howtogeek.com/.../how-to-upgrade-and-install-a-new-cpu-or-motherboard-or-both

-1516-Installing and Troubleshooting CPUs:

www.pearsonitcertification.com/articles/article.aspx?p=1681054&seqNum=2

-1517-15 FREE Pastebin Alternatives You Can Use Right Away:

https://www.rootreport.com/pastebin-alternatives/

-1518-Basic computer troubleshooting steps:

https://www.computerhope.com/basic.htm

-1519-18 Best Websites to Learn Computer Troubleshooting and Tech support:

http://transcosmos.co.uk/best-websites-to-learn-computer-troubleshooting-and-tech-support

-1520-Post Exploitation with PowerShell Empire 2.3.0 :

https://www.yeahhub.com/post-exploitation-powershell-empire-2-3-0-detailed-tutorial/

-1521-Windows Persistence with PowerShell Empire :

https://www.hackingarticles.in/windows-persistence-with-powershell-empire/

-1522-powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial:

https://www.dudeworks.com/powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial

-1523-Bypassing Anti-Virtus & Hacking Windows 10 Using Empire :

https://zsecurity.org/bypassing-anti-virtus-hacking-windows-10-using-empire/

-1524-Hacking with Empire – PowerShell Post-Exploitation Agent :

https://www.prodefence.org/hacking-with-empire-powershell-post-exploitation-agent/

-1525-Hacking Windows Active Directory Full guide:

www.kalitut.com/hacking-windows-active-directory-full.html

-1526-PowerShell Empire for Post-Exploitation:

https://www.hackingloops.com/powershell-empire/

-1527-Generate A One-Liner – Welcome To LinuxPhilosophy!:

linuxphilosophy.com/rtfm/more/empire/generate-a-one-liner/

-1528-CrackMapExec - Ultimate Guide:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/cme/crackmapexec/

-1529-PowerShell Logging and Security:

https://www.secjuice.com/enterprise-powershell-protection-logging/

-1530-Create your own FUD Backdoors with Empire:

http://blog.extremehacking.org/blog/2016/08/25/create-fud-backdoors-empire/

-1531-PowerShell Empire Complete Tutorial For Beginners:

https://video.hacking.reviews/2019/06/powershell-empire-complete-tutorial-for.html

-1532-Bash Bunny: Windows Remote Shell using Metasploit & PowerShell:

https://cyberarms.wordpress.com/.../bash-bunny-windows-remote-shell-using-metasploit-powershell

-1533-Kerberoasting - Stealing Service Account Credentials:

https://www.scip.ch/en/?labs.20181011

-1534-Automating Mimikatz with Empire and DeathStar :

https://blog.stealthbits.com/automating-mimikatz-with-empire-and-deathstar/

-1535-Windows oneliners to get shell :

https://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/

-1536-ObfuscatedEmpire :

https://cobbr.io/ObfuscatedEmpire.html

-1537-Pentesting with PowerShell in six steps:

https://periciacomputacional.com/pentesting-with-powershell-in-six-steps/

-1538-Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM):

https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm

-1539-PowerShell Security Best Practices:

https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/

-1540-You can detect PowerShell attacks:

https://www.slideshare.net/Hackerhurricane/you-can-detect-powershell-attacks

-1541-Detecting and Preventing PowerShell Attacks:

https://www.eventsentry.com/.../powershell-pw3rh311-detecting-preventing-powershell-attacks

-1542-Detecting Offensive PowerShell Attack Tools – Active Directory Security:

https://adsecurity.org/?p=2604

-1543-An Internal Pentest Audit Against Active Directory:

https://www.exploit-db.com/docs/46019

-1544-A complete Active Directory Penetration Testing Checklist :

https://gbhackers.com/active-directory-penetration-testing-checklist/

-1545-Active Directory | Penetration Testing Lab:

https://pentestlab.blog/tag/active-directory/

-1546-Building and Attacking an Active Directory lab with PowerShell :

https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell

-1547-Penetration Testing in Windows Server Active Directory using Metasploit:

https://www.hackingarticles.in/penetration-testing-windows-server-active-directory-using-metasploit-part-1

-1548-Red Team Penetration Testing – Going All the Way (Part 2 of 3) :

https://www.anitian.com/red-team-testing-going-all-the-way-part2/

-1549-Penetration Testing Active Directory, Part II:

https://www.jishuwen.com/d/2Mtq

-1550-Gaining Domain Admin from Outside Active Directory:

https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html

-1551-Post Exploitation Cheat Sheet:

https://0xsecurity.com/blog/some-hacking-techniques/post-exploitation-cheat-sheet

-1552-Windows post-exploitation :

https://github.com/emilyanncr/Windows-Post-Exploitation

-1553-OSCP - Windows Post Exploitation :

https://hackingandsecurity.blogspot.com/2017/9/oscp-windows-post-exploitation.html

-1554-Windows Post-Exploitation Command List:

http://pentest.tonyng.net/windows-post-exploitation-command-list/

-1555-Windows Post-Exploitation Command List:

http://tim3warri0r.blogspot.com/2012/09/windows-post-exploitation-command-list.html

-1556-Linux Post-Exploitation · OSCP - Useful Resources:

https://backdoorshell.gitbooks.io/oscp-useful-links/content/linux-post-exploitation.html

-1557-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-1558-Pentesting Cheatsheets - Red Teaming Experiments:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

-1559-OSCP Goldmine:

http://0xc0ffee.io/blog/OSCP-Goldmine

-1560-Linux Post Exploitation Cheat Sheet:

http://red-orbita.com/?p=8455

-1562-OSCP useful resources and tools:

https://acknak.fr/en/articles/oscp-tools/

-1563-Windows Post-Exploitation Command List :

https://es.scribd.com/document/100182787/Windows-Post-Exploitation-Command-List

-1564-Metasploit Cheat Sheet:

https://pentesttools.net/metasploit-cheat-sheet/

-1565-Windows Privilege Escalation:

https://awansec.com/windows-priv-esc.html

-1566-Linux Unix Bsd Post Exploitation:

https://attackerkb.com/Unix/LinuxUnixBSD_Post_Exploitation

-1567-Privilege Escalation & Post-Exploitation:

https://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/

-1568-Metasploit Cheat Sheet:

https://vk-intel.org/2016/12/28/metasploit-cheat-sheet/

-1569-Metasploit Cheat Sheet :

https://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/

-1570-Privilege escalation: Linux:

https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux

-1571-Cheat Sheets — Amethyst Security:

https://www.ssddcyber.com/cheatsheets

-1572-Responder - CheatSheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

-1573-Cheatsheets:

https://h4ck.co/wp-content/uploads/2018/06/cheatsheet.txt

-1574-Are you ready for OSCP?:

https://www.hacktoday.io/t/are-you-ready-for-oscp/59

-1575-Windows Privilege Escalation:

https://labs.p64cyber.com/windows-privilege-escalation/

-1576-A guide to Linux Privilege Escalation:

https://payatu.com/guide-linux-privilege-escalation/

-1577-Windows Post-Exploitation-Cheat-Sheet:

http://pentestpanther.com/2019/07/01/windows-post-exploitation-cheat-sheet/

-1578-Windows Privilege Escalation (privesc) Resources:

https://www.willchatham.com/security/windows-privilege-escalation-privesc-resources/

-1579-Dissecting Mobile Malware:

https://slideplayer.com/slide/3434519/

-1580-Android malware analysis with Radare: Dissecting the Triada Trojan:

www.nowsecure.com/blog/2016/11/21/android-malware-analysis-radare-triad/

-1581-Dissecting Mobile Native Code Packers:

https://blog.zimperium.com/dissecting-mobile-native-code-packers-case-study/

-1582-What is Mobile Malware? Defined, Explained, and Explored:

https://www.forcepoint.com/cyber-edu/mobile-malware

-1583-Malware Development — Professionalization of an Ancient Art:

https://medium.com/scip/malware-development-professionalization-of-an-ancient-art-4dfb3f10f34b

-1584-Weaponizing Malware Code Sharing with Cythereal MAGIC:

https://medium.com/@arun_73782/cythereal-magic-e68b0c943b1d

-1585-Web App Pentest Cheat Sheet:

https://medium.com/@muratkaraoz/web-app-pentest-cheat-sheet-c17394af773

-1586-The USB Threat is [Still] Real — Pentest Tools for Sysadmins, Continued:

https://medium.com/@jeremy.trinka/the-usb-threat-is-still-real-pentest-tools-for-sysadmins-continued-88560af447bf

-1587-How to Run An External Pentest:

https://medium.com/@_jayhill/how-to-run-an-external-pentest-dd76ed14bb6a

-1588-Advice for new pentesters:

https://medium.com/@PentesterLab/advice-for-new-pentesters-a5f7d75a3aea

-1589-NodeJS Application Pentest Tips:

https://medium.com/bugbountywriteup/nodejs-application-pentest-tips-improper-uri-handling-in-express-390b3a07cb3e

-1590-How to combine Pentesting with Automation to improve your security:

https://medium.com/how-to-combine-pentest-with-automation-to-improve-your-security

-1591-Day 79: FTP Pentest Guide:

https://medium.com/@int0x33/day-79-ftp-pentest-guide-5106967bd50a

-1592-SigintOS: A Wireless Pentest Distro Review:

https://medium.com/@tomac/sigintos-a-wireless-pentest-distro-review-a7ea93ee8f8b

-1593-Conducting an IoT Pentest :

https://medium.com/p/6fa573ac6668?source=user_profile...

-1594-Efficient way to pentest Android Chat Applications:

https://medium.com/android-tamer/efficient-way-to-pentest-android-chat-applications-46221d8a040f

-1595-APT2 - Automated PenTest Toolkit :

https://medium.com/media/f1cf43d92a17d5c4c6e2e572133bfeed/href

-1596-Pentest Tools and Distros:

https://medium.com/hacker-toolbelt/pentest-tools-and-distros-9d738d83f82d

-1597-Keeping notes during a pentest/security assessment/code review:

https://blog.pentesterlab.com/keeping-notes-during-a-pentest-security-assessment-code-review-7e6db8091a66?gi=4c290731e24b

-1598-An intro to pentesting an Android phone:

https://medium.com/@tnvo/an-intro-to-pentesting-an-android-phone-464ec4860f39

-1599-The Penetration Testing Report:

https://medium.com/@mtrdesign/the-penetration-testing-report-38a0a0b25cf2

-1600-VA vs Pentest:

https://medium.com/@play.threepetsirikul/va-vs-pentest-cybersecurity-2a17250d5e03

-1601-Pentest: Hacking WPA2 WiFi using Aircrack on Kali Linux:

https://medium.com/@digitalmunition/pentest-hacking-wpa2-wifi-using-aircrack-on-kali-linux-99519fee946f

-1602-Pentesting Ethereum dApps:

https://medium.com/@brandonarvanaghi/pentesting-ethereum-dapps-2a84c8dfee19

-1603-Android pentest lab in a nutshell :

https://medium.com/@dortz/android-pentest-lab-in-a-nutshell-ee60be8638d3

-1604-Pentest Magazine: Web Scraping with Python :

https://medium.com/@heavenraiza/web-scraping-with-python-170145fd90d3

-1605-Pentesting iOS apps without jailbreak:

https://medium.com/securing/pentesting-ios-apps-without-jailbreak-91809d23f64e

-1606-OSCP/Pen Testing Resources:

https://medium.com/@sdgeek/oscp-pen-testing-resources-271e9e570d45

-1607-Web Application Security & Bug Bounty (Methodology, Reconnaissance, Vulnerabilities, Reporting):

https://blog.usejournal.com/web-application-security-bug-bounty-methodology-reconnaissance-vulnerabilities-reporting-635073cddcf2?gi=4a578db171dc

-1608-Local File Inclusion (LFI) — Web Application Penetration Testing:

https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601

-1609-Local File Inclusion (Basic):

https://medium.com/@kamransaifullah786/local-file-inclusion-basic-242669a7af3

-1610-PHP File Inclusion Vulnerability:

https://www.immuniweb.com/vulnerability/php-file-inclusion.html

-1611-Local File Inclusion:

https://teambi0s.gitlab.io/bi0s-wiki/web/lfi/

-1612-Web Application Penetration Testing: Local File Inclusion:

https://hakin9.org/web-application-penetration-testing-local-file-inclusion-lfi-testing/

-1613-From Local File Inclusion to Code Execution :

https://resources.infosecinstitute.com/local-file-inclusion-code-execution/

-1614-RFI / LFI:

https://security.radware.com/ddos-knowledge-center/DDoSPedia/rfi-lfi/

-1615-From Local File Inclusion to Remote Code Execution - Part 2:

https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-2

-1616-Local File Inclusion:

https://xapax.gitbooks.io/security/content/local_file_inclusion.html

-1617-Beginner Guide to File Inclusion Attack (LFI/RFI) :

https://www.hackingarticles.in/beginner-guide-file-inclusion-attack-lfirfi/

-1618-LFI / RFI:

https://secf00tprint.github.io/blog/payload-tester/lfirfi/en

-1619-LFI and RFI Attacks - All You Need to Know:

https://www.getastra.com/blog/your-guide-to-defending-against-lfi-and-rfi-attacks/

-1620-Log Poisoning - LFI to RCE :

http://liberty-shell.com/sec/2018/05/19/poisoning/

-1621-LFI:

https://www.slideshare.net/cyber-punk/lfi-63050678

-1622-Hand Guide To Local File Inclusion(LFI):

www.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html

-1623-Local File Inclusion (LFI) - Cheat Sheet:

https://ironhackers.es/herramientas/lfi-cheat-sheet/

-1624-Web Application Penetration Testing Local File Inclusion (LFI):

https://www.cnblogs.com/Primzahl/p/6258149.html

-1625-File Inclusion Vulnerability Prevention:

https://www.pivotpointsecurity.com/blog/file-inclusion-vulnerabilities/

-1626-The Most In-depth Hacker's Guide:

https://books.google.com/books?isbn=1329727681

-1627-Hacking Essentials: The Beginner's Guide To Ethical Hacking:

https://books.google.com/books?id=e6CHDwAAQBAJ

-1628-Web App Hacking, Part 11: Local File Inclusion:

https://www.hackers-arise.com/.../Web-App-Hacking-Part-11-Local-File-Inclusion-LFI

-1629-Local and remote file inclusion :

https://vulp3cula.gitbook.io/hackers-grimoire/exploitation/web-application/lfi-rfi

-1630-Upgrade from LFI to RCE via PHP Sessions :

https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/

-1631-CVV #1: Local File Inclusion:

https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a

-1632-(PDF) Cross Site Scripting (XSS) in Action:

https://www.researchgate.net/publication/241757130_Cross_Site_Scripting_XSS_in_Action

-1633-XSS exploitation part 1:

www.securityidiots.com/Web-Pentest/XSS/xss-exploitation-series-part-1.html

-1634-Weaponizing self-xss:

https://silentbreaksecurity.com/weaponizing-self-xss/

-1635-Cookie Tracking and Stealing using Cross-Site Scripting:

https://www.geeksforgeeks.org/cookie-tracking-stealing-using-cross-site-scripting/

-1636-Defense against the Black Arts:

https://books.google.com/books?isbn=1439821224

-1637-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:

https://www.acunetix.com/websitesecurity/csrf-attacks/

-1638-Bypassing CSRF protection:

https://www.bugbountynotes.com/training/tutorial?id=5

-1639-Stealing CSRF tokens with XSS:

https://digi.ninja/blog/xss_steal_csrf_token.php

-1640-Same Origin Policy and ways to Bypass:

https://medium.com/@minosagap/same-origin-policy-and-ways-to-bypass-250effdc4a12

-1641-Bypassing Same Origin Policy :

https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/

-1642-Client-Side Attack - an overview :

https://www.sciencedirect.com/topics/computer-science/client-side-attack

-1643-Client-Side Injection Attacks:

https://blog.alertlogic.com/blog/client-side-injection-attacks/

-1645-The Client-Side Battle Against JavaScript Attacks Is Already Here:

https://medium.com/swlh/the-client-side-battle-against-javascript-attacks-is-already-here-656f3602c1f2

-1646-Why Let’s Encrypt is a really, really, really bad idea:

https://medium.com/swlh/why-lets-encrypt-is-a-really-really-really-bad-idea-d69308887801

-1647-Huge Guide to Client-Side Attacks:

https://www.notion.so/d382649cfebd4c5da202677b6cad1d40

-1648-OSCP Prep – Episode 11: Client Side Attacks:

https://kentosec.com/2018/09/02/oscp-prep-episode-11-client-side-attacks/

-1649-Client side attack - AV Evasion:

https://rafalharazinski.gitbook.io/security/oscp/untitled-1/client-side-attack

-1650-Client-Side Attack With Metasploit (Part 4):

https://thehiddenwiki.pw/blog/2018/07/23/client-side-attack-metasploit/

-1651-Ransomware: Latest Developments and How to Defend Against Them:

https://www.recordedfuture.com/latest-ransomware-attacks/

-1652-Cookie Tracking and Stealing using Cross-Site Scripting:

https://www.geeksforgeeks.org/cookie-tracking-stealing-using-cross-site-scripting/

-1653-How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords:

https://null-byte.wonderhowto.com/.../write-xss-cookie-stealer-javascript-steal-passwords-0180833

-1654-How I was able to steal cookies via stored XSS in one of the famous e-commerce site:

https://medium.com/@bhavarth33/how-i-was-able-to-steal-cookies-via-stored-xss-in-one-of-the-famous-e-commerce-site-3de8ab94437d

-1655-Steal victim's cookie using Cross Site Scripting (XSS) :

https://securityonline.info/steal-victims-cookie-using-cross-site-scripting-xss/

-1656-Remote Code Execution — Damn Vulnerable Web Application(DVWA) - Medium level security:

https://medium.com/@mikewaals/remote-code-execution-damn-vulnerable-web-application-dvwa-medium-level-security-ca283cda3e86

-1657-Remote Command Execution:

https://hacksland.net/remote-command-execution/

-1658-DevOops — An XML External Entity (XXE) HackTheBox Walkthrough:

https://medium.com/bugbountywriteup/devoops-an-xml-external-entity-xxe-hackthebox-walkthrough-fb5ba03aaaa2

-1659-XML External Entity - Beyond /etc/passwd (For Fun & Profit):

https://www.blackhillsinfosec.com/xml-external-entity-beyond-etcpasswd-fun-profit/

-1660-XXE - ZeroSec - Adventures In Information Security:

https://blog.zsec.uk/out-of-band-xxe-2/

-1661-Exploitation: XML External Entity (XXE) Injection:

https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection

-1662-Hack The Box: DevOops:

https://redteamtutorials.com/2018/11/11/hack-the-box-devoops/

-1663-Web Application Penetration Testing Notes:

https://techvomit.net/web-application-penetration-testing-notes/

-1664-WriteUp – Aragog (HackTheBox) :

https://ironhackers.es/en/writeups/writeup-aragog-hackthebox/

-1665-Linux Privilege Escalation Using PATH Variable:

https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/

-1666-Linux Privilege Escalation via Automated Script :

https://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/

-1667-Privilege Escalation - Linux :

https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html

-1668-Linux Privilege Escalation:

https://percussiveelbow.github.io/linux-privesc/

-1669-Perform Local Privilege Escalation Using a Linux Kernel Exploit :

https://null-byte.wonderhowto.com/how-to/perform-local-privilege-escalation-using-linux-kernel-exploit-0186317/

-1670-Linux Privilege Escalation With Kernel Exploit:

https://www.yeahhub.com/linux-privilege-escalation-with-kernel-exploit-8572-c/

-1671-Reach the root! How to gain privileges in Linux:

https://hackmag.com/security/reach-the-root/

-1672-Enumeration for Linux Privilege Escalation:

https://0x00sec.org/t/enumeration-for-linux-privilege-escalation/1959

-1673-Linux Privilege Escalation Scripts :

https://netsec.ws/?p=309

-1674-Understanding Privilege Escalation:

www.admin-magazine.com/Articles/Understanding-Privilege-Escalation

-1675-Toppo:1 | Vulnhub Walkthrough:

https://medium.com/egghunter/toppo-1-vulnhub-walkthrough-c5f05358cf7d

-1676-Privilege Escalation resources:

https://forum.hackthebox.eu/discussion/1243/privilege-escalation-resources

-1678-OSCP Notes – Privilege Escalation (Linux):

https://securism.wordpress.com/oscp-notes-privilege-escalation-linux/

-1679-Udev Exploit Allows Local Privilege Escalation :

www.madirish.net/370

-1680-Understanding Linux Privilege Escalation and Defending Against It:

https://linux-audit.com/understanding-linux-privilege-escalation-and-defending-againt-it

-1681-Windows Privilege Escalation Using PowerShell:

https://hacknpentest.com/windows-privilege-escalation-using-powershell/

-1682-Privilege Escalation | Azeria Labs:

https://azeria-labs.com/privilege-escalation/

-1683-Abusing SUDO (Linux Privilege Escalation):

https://touhidshaikh.com/blog/?p=790

-1684-Privilege Escalation - Linux:

https://mysecurityjournal.blogspot.com/p/privilege-escalation-linux.html

-1685-0day Linux Escalation Privilege Exploit Collection :

https://blog.spentera.id/0day-linux-escalation-privilege-exploit-collection/

-1686-Linux for Pentester: cp Privilege Escalation :

https://hackin.co/articles/linux-for-pentester-cp-privilege-escalation.html

-1687-Practical Privilege Escalation Using Meterpreter:

https://ethicalhackingblog.com/practical-privilege-escalation-using-meterpreter/

-1688-dirty_sock: Linux Privilege Escalation (via snapd):

https://www.redpacketsecurity.com/dirty_sock-linux-privilege-escalation-via-snapd/

-1689-Linux privilege escalation:

https://jok3rsecurity.com/linux-privilege-escalation/

-1690-The Complete Meterpreter Guide | Privilege Escalation & Clearing Tracks:

https://hsploit.com/the-complete-meterpreter-guide-privilege-escalation-clearing-tracks/

-1691-How to prepare for PWK/OSCP, a noob-friendly guide:

https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

-1692-Basic Linux privilege escalation by kernel exploits:

https://greysec.net/showthread.php?tid=1355

-1693-Linux mount without root :

epaymentamerica.com/tozkwje/xlvkawj2.php?trjsef=linux-mount-without-root

-1694-Linux Privilege Escalation Oscp:

www.condadorealty.com/2h442/linux-privilege-escalation-oscp.html

-1695-Privilege Escalation Attack Tutorial:

https://alhilalgroup.info/photography/privilege-escalation-attack-tutorial

-1696-Oscp Bethany Privilege Escalation:

https://ilustrado.com.br/i8v7/7ogf.php?veac=oscp-bethany-privilege-escalation

-1697-Hacking a Website and Gaining Root Access using Dirty COW Exploit:

https://ethicalhackers.club/hacking-website-gaining-root-access-using-dirtycow-exploit/

-1698-Privilege Escalation - Linux · Total OSCP Guide:

https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_-_linux.html

-1699-Linux advanced privilege escalation:

https://www.slideshare.net/JameelNabbo/linux-advanced-privilege-escalation

-1700-Local Linux privilege escalation overview:

https://myexperiments.io/linux-privilege-escalation.html

-1701-Windows Privilege Escalation Scripts & Techniques :

https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194

-1702-Penetration Testing: Maintaining Access:

https://resources.infosecinstitute.com/penetration-testing-maintaining-access/

-1703-Kali Linux Maintaining Access :

https://www.tutorialspoint.com/kali_linux/kali_linux_maintaining_access.htm

-1704-Best Open Source Tools for Maintaining Access & Tunneling:

https://n0where.net/maintaining-access

-1705-Maintaining Access Part 1: Introduction and Metasploit Example:

https://www.hackingloops.com/maintaining-access-metasploit/

-1706-Maintaining Access - Ethical hacking and penetration testing:

https://miloserdov.org/?cat=143

-1707-Maintaining Access with Web Backdoors [Weevely]:

https://www.yeahhub.com/maintaining-access-web-backdoors-weevely/

-1708-Best Open Source MITM Tools: Sniffing & Spoofing:

https://n0where.net/mitm-tools

-1709-Cain and Abel - Man in the Middle (MITM) Attack Tool Explained:

https://cybersguards.com/cain-and-abel-man-in-the-middle-mitm-attack-tool-explained/

-1710-Man In The Middle Attack (MITM):

https://medium.com/@nancyjohn.../man-in-the-middle-attack-mitm-114b53b2d987

-1711-Real-World Man-in-the-Middle (MITM) Attack :

https://ieeexplore.ieee.org/document/8500082

-1712-The Ultimate Guide to Man in the Middle Attacks :

https://doubleoctopus.com/blog/the-ultimate-guide-to-man-in-the-middle-mitm-attacks-and-how-to-prevent-them/

-1713-How to Conduct ARP Spoofing for MITM Attacks:

https://tutorialedge.net/security/arp-spoofing-for-mitm-attack-tutorial/

-1714-How To Do A Man-in-the-Middle Attack Using ARP Spoofing & Poisoning:

https://medium.com/secjuice/man-in-the-middle-attack-using-arp-spoofing-fa13af4f4633

-1715-Ettercap and middle-attacks tutorial :

https://pentestmag.com/ettercap-tutorial-for-windows/

-1716-How To Setup A Man In The Middle Attack Using ARP Poisoning:

https://online-it.nu/how-to-setup-a-man-in-the-middle-attack-using-arp-poisoning/

-1717-Intro to Wireshark and Man in the Middle Attacks:

https://www.commonlounge.com/discussion/2627e25558924f3fbb6e03f8f912a12d

-1718-MiTM Attack with Ettercap:

https://www.hackers-arise.com/single-post/2017/08/28/MiTM-Attack-with-Ettercap

-1719-Man in the Middle Attack with Websploit Framework:

https://www.yeahhub.com/man-middle-attack-websploit-framework/

-1720-SSH MitM Downgrade :

https://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade

-1721-How to use Netcat for Listening, Banner Grabbing and Transferring Files:

https://www.yeahhub.com/use-netcat-listening-banner-grabbing-transferring-files/

-1722-Powershell port scanner and banner grabber:

https://www.linkedin.com/pulse/powershell-port-scanner-banner-grabber-jeremy-martin/

-1723-What is banner grabbing attack:

https://rxkjftu.ga/sport/what-is-banner-grabbing-attack.php

-1724-Network penetration testing:

https://guif.re/networkpentest

-1725-NMAP Cheatsheet:

https://redteamtutorials.com/2018/10/14/nmap-cheatsheet/

-1726-How To Scan a Network With Nmap:

https://online-it.nu/how-to-scan-a-network-with-nmap/

-1727-Hacking Metasploitable : Scanning and Banner grabbing:

https://hackercool.com/2015/11/hacking-metasploitable-scanning-banner-grabbing/

-1728-Penetration Testing of an FTP Server:

https://shahmeeramir.com/penetration-testing-of-an-ftp-server-19afe538be4b

-1729-Nmap Usage & Cheet-Sheet:

https://aerroweb.wordpress.com/2018/03/14/namp-cheat-sheet/

-1730-Discovering SSH Host Keys with NMAP:

https://mwhubbard.blogspot.com/2015/03/discovering-ssh-host-keys-with-nmap.html

-1731-Banner Grabbing using Nmap & NetCat - Detailed Explanation:

https://techincidents.com/banner-grabbing-using-nmap-netcat

-1732-Nmap – (Vulnerability Discovery):

https://crazybulletctfwriteups.wordpress.com/2015/09/5/nmap-vulnerability-discovery/

-1733-Penetration Testing on MYSQL (Port 3306):

https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/

-1774-Password Spraying - Infosec Resources :

https://resources.infosecinstitute.com/password-spraying/

-1775-Password Spraying- Common mistakes and how to avoid them:

https://medium.com/@adam.toscher/password-spraying-common-mistakes-and-how-to-avoid-them-3fd16b1a352b

-1776-Password Spraying Tutorial:

https://attack.stealthbits.com/password-spraying-tutorial-defense

-1777-password spraying Archives:

https://www.blackhillsinfosec.com/tag/password-spraying/

-1778-The 21 Best Email Finding Tools::

https://beamery.com/blog/find-email-addresses

-1779-OSINT Primer: People (Part 2):

https://0xpatrik.com/osint-people/

-1780-Discovering Hidden Email Gateways with OSINT Techniques:

https://blog.ironbastion.com.au/discovering-hidden-email-servers-with-osint-part-2/

-1781-Top 20 Data Reconnaissance and Intel Gathering Tools :

https://securitytrails.com/blog/top-20-intel-tools

-1782-101+ OSINT Resources for Investigators [2019]:

https://i-sight.com/resources/101-osint-resources-for-investigators/

-1783-Digging Through Someones Past Using OSINT:

https://nullsweep.com/digging-through-someones-past-using-osint/

-1784-Gathering Open Source Intelligence:

https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05

-1785-How to Locate the Person Behind an Email Address:

https://www.sourcecon.com/how-to-locate-the-person-behind-an-email-address/

-1786-Find hacked email addresses and check breach mails:

https://www.securitynewspaper.com/2019/01/16/find-hacked-email-addresses/

-1787-A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password :

https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/

-1788-Top 10 OSINT Tools/Sources for Security Folks:

www.snoopysecurity.github.io/osint/2018/08/02/10_OSINT_for_security_folks.html

-1789-Top 5 Open Source OSINT Tools for a Penetration Tester:

https://www.breachlock.com/top-5-open-source-osint-tools/

-1790-Open Source Intelligence tools for social media: my own list:

https://www.andreafortuna.org/2017/03/20/open-source-intelligence-tools-for-social-media-my-own-list/

-1791-Red Teaming: I can see you! Insights from an InfoSec expert :

https://www.perspectiverisk.com/i-can-see-you-osint/

-1792-OSINT Playbook for Recruiters:

https://amazinghiring.com/osint-playbook/

-1793- Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking:

https://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking

-1794-Open Source Intelligence Gathering 201 (Covering 12 additional techniques):

https://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544?gi=2afe435c630a

-1795-Online Investigative Tools for Social Media Discovery and Locating People:

https://4thetruth.info/colorado-private-investigator-online-detective-social-media-and-online-people-search-online-search-tools.html

-1796-Expanding Skype Forensics with OSINT: Email Accounts:

http://www.automatingosint.com/blog/2016/05/expanding-skype-forensics-with-osint-email-accounts/

-1798-2019 OSINT Guide:

https://www.randhome.io/blog/2019/01/05/2019-osint-guide/

-1799-OSINT - Passive Recon and Discovery of Assets:

https://0x00sec.org/t/osint-passive-recon-and-discovery-of-assets/6715

-1800-OSINT With Datasploit:

https://dzone.com/articles/osint-with-datasploit

-1801-Building an OSINT Reconnaissance Tool from Scratch:

https://medium.com/@SundownDEV/phone-number-scanning-osint-recon-tool-6ad8f0cac27b

-1802-Find Identifying Information from a Phone Number Using OSINT Tools:

https://null-byte.wonderhowto.com/how-to/find-identifying-information-from-phone-number-using-osint-tools-0195472/

-1803-Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step):

https://www.securitynewspaper.com/2019/05/02/find-details-of-any-mobile-number-email-id-ip-address-in-the-world-step-by-step/

-1804-Investigative tools for finding people online and keeping yourself safe:

https://ijnet.org/en/story/investigative-tools-finding-people-online-and-keeping-yourself-safe

-1805- Full text of "The Hacker Playbook 2 Practical Guide To Penetration Testing By Peter Kim":

https://archive.org/stream/TheHackerPlaybook2PracticalGuideToPenetrationTestingByPeterKim/The%20Hacker%20Playbook%202%20-%20Practical%20Guide%20To%20Penetration%20Testing%20By%20Peter%20Kim_djvu.txt

-1806-The Internet Archive offers over 15,000,000 freely downloadable books and texts. There is also a collection of 550,000 modern eBooks that may be borrowed by anyone with a free archive.org account:

https://archive.org/details/texts?and%5B%5D=hacking&sin=


About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK