-
Notifications
You must be signed in to change notification settings - Fork 5
/
hpb3_links.txt
490 lines (487 loc) · 25.5 KB
/
hpb3_links.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
Document infos:
- Author = Peter Kim
- CreationDate = D:20180505020009+00'00'
- Creator = calibre 2.69.0 [https://calibre-ebook.com]
- Pages = 308
- Producer = calibre 2.69.0 [https://calibre-ebook.com]
- Title = The Hacker Playbook 3: Practical Guide To Penetration Testing
- dc = {'publisher': ['Secure Planet'], 'description': {'x-default': None}, 'language': ['en'], 'creator': ['Peter Kim'], 'title': {'x-default': 'The Hacker Playbook 3: Practical Guide To Penetration Testing'}, 'date': ['2018-05-01T00:00:00+02:00'], 'subject': []}
- http://calibre-ebook.com/xmp-namespace = {'timestamp': '2018-05-03T18:05:43.134685+02:00', 'author_sort': 'Kim, Peter'}
- xap = {'Identifier': ['\n '], 'MetadataDate': '2018-05-05T04:00:09.811485+02:00'}
References: 521
- URL: 521
- PDF: 1
URL References:
- https://www.windowscentral.com/how-permanently-disable-windows-defender-antivirus-windows-10
- https://github.com/cyberspacekittens/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Real-Password-WPA-MegaLinks.md
- http://webserver/payload
- https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Invoke-NinjaCopy.ps1
- laurent.blogspot.com/2016/10/introducing-responder-multirelay-10.html
- https://github.com/trustedsec/nps_payload
- vpn.loca1host.com
- https://www.fireeye.com/blog/threat-
- 2Fcyberspacekittens.com
- https://www.w3schools.com/tags/ref_eventattributes.asp
- https://github.com/mitre/caldera
- https://lightsail.aws.amazon.com/
- http://blog.portswigger.net/2015/08/server-side-template-injection.html
- https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-
- http://www.fuzzysecurity.com/tutorials/16.html
- https://github.com/trustedsec/social-engineer-toolkit
- https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors
- https://github.com/breenmachine/httpscreenshot
- lethalsecurity.com
- https://www.vulnerability-
- https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029#diff-025d24bfdd78aa27353572d067da50b3L260
- https://imagetragick.com/
- https://shop.riftrecon.com/products/under-the-door-tool
- a0.awsstatic.com
- https://mail.cyberspacekittens.com/owa/auth/logon.aspx
- https://buer.haus/breport/index.php
- https://blog.kchung.co/rfid-
- http://thehackerplaybook.com/training/
- https://github.com/lukebaggett/dnscat2-powershell
- http://chat:3000/ssrf
- https://github.com/luin/serialize/search?utf8=%E2%9C%93&q=eval&type=
- https://blog.christophetd.fr/abusing-aws-metadata-service-using-ssrf-vulnerabilities/
- https://github.com/cyberspacekittens/password_cracking_rules
- https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658
- https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/Sample-
- https://github.com/anshumanbh/git-all-secrets
- https://www.social-engineer.org/wp-content/uploads/2017/11/SECTF-2017.pdf
- http://hackerwarehouse.com/product/proxmark3-rdv2-kit/
- https://gist.githubusercontent.com/cheetz/4d6a26bb122a942592ab9ac21894e57b/raw/f58e82c9abfa46a932eb92edbe6b18214141439b/all.txt
- https://github.com/thealpiste/C_ReverseHTTPS_Shellcode
- https://www.owasp.org/images/3/3c/OWASP_Top_10_-_2017_Release_Candidate1_English.pdf
- http://mirrors.jenkins.io/war-stable/1.651.2/
- https://github.com/Coalfire-Research/Red-Baron
- https://github.com/cheetz/sslScrape
- https://www.us-cert.gov/ncas/alerts/TA13-088A
- https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
- https://github.com/robertdavidgraham/masscan
- https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1428
- https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- https://github.com/tennc/webshell
- https://github.com/cheetz/dnscat2/tree/master/server/controller
- http://www.harmj0y.net/blog/empire/empire-1-5/
- https://msdn.microsoft.com/en-
- https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- pipl.com
- mail.google.com
- https://technet.microsoft.com/en-
- Censys.io
- https://serverfault.com/questions/356123/how-to-allow-just-one-user-to-login-in-special-computer-in-server-2003
- testlab.company.com
- https://github.com/cheetz/THP-ChatSupportSystem/blog/master/lab.txt
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
- https://www.youtube.com/watch
- https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/
- https://github.com/rsmudge/Malleable-C2-Profiles/blob/master/normal/amazon.profile
- https://www.eff.org/pages/legal-assistance
- https://gist.githubusercontent.com/scumjr/17d91f20f73157c722ba2aea702985d2/raw/a37178567ca7b816a5c6f891080770feca5c74d7/dirtycow-mem.c
- https://www.us-cert.gov/ncas/alerts/TA18-086A
- https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/
- https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-
- https://www.mdsec.co.uk/2018/03/payload-generation-using-
- https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1
- https://github.com/hashcat/hashcat-utils/releases
- https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a#df21
- https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection
- http://chat:3000/xss
- thehackerplaybook.com/updates
- https://en.wikipedia.org/wiki/Immediately-invoked_function_expression
- https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- https://github.com/cheetz/hidemyps
- https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
- https://github.com/danielbohannon/Invoke-Obfuscation
- https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/
- https://www.arin.net/
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Simplifying-Password-Spraying/
- https://github.com/EmpireProject/Empire
- https://github.com/rebootuser/LinEnum
- http://sqlmap.org/
- https://rileykidd.com/2017/08/03/application-whitelist-bypass-
- https://wiki.skullsecurity.org/Passwords
- https://github.com/ChrisTruncer/EyeWitness
- https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellIcmp.ps1
- https://thehackernews.com/2017/12/data-
- https://github.com/blechschmidt/massdns
- https://medium.com/@mirkatson/running-metasploit-on-kali-linux-docker-aws-ec2-instance-a2f7d7310b2b
- https://github.com/bluscreenofjeff/AggressorScripts/blob/master/mimikatz-every-30m.cna
- https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs
- http://getgophish.com/documentation/
- https://github.com/mdsecactivebreach/SharpShooter
- https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
- https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-
- n.name
- https://bugs.chromium.org/p/project-zero/issues/list
- https://snyk.io/test/npm/node-serialize
- http://chat:3000/ti
- https://github.com/Ne0nd0g/merlin
- https://github.com/hashcat/hashcat/tree/master/rules
- https://github.com/harleyQu1nn/AggressorScripts
- https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
- https://www.esecurityplanet.com/network-security/unpatched-open-source-software-flaw-blamed-for-massive-equifax-breach.html
- https://powersploit.readthedocs.io/en/latest/Recon/Invoke-
- https://github.com/GreatSCT/GreatSCT/tree/develop
- https://inteltechniques.com/OSINT/pastebins.html
- https://i.imgur.com/FdtLoFI.jpg
- https://github.com/nccgroup/demiguise
- https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
- http://security.debian.org/debian-
- https://github.com/christophetd/censys-subdomain-finder
- msg.name
- https://github.com/lgandx/Responder.git
- https://github.com/frohoff/ysoserial
- SkullSecurity.org
- https://www.offensive-security.com/metasploit-unleashed/fun-incognito/
- https://nakedsecurity.sophos.com/2012/02/20/jail-facebook-ethical-hacker/
- https://github.com/cheetz/thpDropper.git
- http://thehackerplaybook.com/get.php?type=XXE-vm
- https://msdn.microsoft.com/en-us/library/windows/desktop/dd375731(v=vs.85).aspx
- http://thehackerplaybook.com/get.php?type=csk-web
- https://enigma0x3.net/2017/01/23/lateral-movement-via-
- https://room362.com/post/2017/dump-laps-passwords-with-
- http://www.pentest-standard.org
- http://cyberspacekittens.com
- https://github.com/rapid7/metasploit-
- https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-
- https://centralops.net/co/domaindossier.aspx
- https://www.blackhillsinfosec.com/evade-application-whitelisting-
- http://ubm.io/2GI5EAq
- https://github.com/leebaird/discover
- http://www.ubuntuboss.com/how-to-install-openvpn-access-server-on-ubuntu-
- https://crackstation.net/files/crackstation.txt.gz
- https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
- https://www.youtube.com/watch?v=vxXLJSbx1SI
- https://github.com/bluscreenofjeff/Malleable-C2-Randomizer
- https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
- https://github.com/cyberspacekittens/nsa-rules
- https://en.wikipedia.org/wiki/String_interpolation
- https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb
- http://thehackerplaybook.com/get.php?type=csk-lab
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms741563(v=vs.85).aspx
- https://github.com/rsmudge/Malleable-C2-Profiles
- https://github.com/api0cradle/UltimateAppLockerByPassList
- https://github.com/tanprathan/OWASP-Testing-Checklist
- https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Mimikatz.ps1
- https://github.com/nahamsec/HostileSubBruteforcer
- https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-
- 2fmail.cyberspacekittens.com
- https://github.com/epinna/tplmap
- http://chat:3000/serverStatus?text=1
- http://www.piotrbania.com/all/kon-
- https://www.microsoft.com/en-us/download/details.aspx?id=41653
- http://ubm.io/2ECTYSi
- docs.google.com
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XXE-
- https://github.com/cheetz/ceylogger/blob/master/callback
- https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on
- https://hackerone.com/reports/128088
- https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241
- https://www.southord.com/
- mailcyberspacekittens.com
- http://releases.llvm.org/download.html
- www.amazon.com
- https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection
- https://github.com/hak5/bashbunny-payloads.git
- https://censys.io/
- https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- https://html5sec.org/
- http://chat:3000/chatchannel/1
- https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
- https://amzn.to/2ItaySR
- https://github.com/Cn33liz/p0wnedShell
- https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows
- https://github.com/s0lst1c3/eaphammer
- https://bitrot.sh/post/30-11-2017-
- company.com
- https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection
- https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/
- https://www.synack.com/red-
- https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/
- https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm-
- meetup.com
- https://hashcat.net/wiki/doku.php
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5941
- https://xsshunter.com
- https://www.lockpickshop.com/GATE-BYPASS.html
- https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029
- https://hashes.org/left.php
- https://github.com/foospidy/payloads/tree/master/other/xss
- https://github.com/gentilkiwi/mimikatz
- https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142
- https://github.com/Pepitoh/VBad
- https://gist.github.com/enigma0x3/8d0cabdb8d49084cdcf03ad89454798b
- https://trick77.com/how-to-set-up-transparent-vpn-internet-gateway-tunnel-
- mechanicus.com/codex/hashpass/hashpass.php
- https://medium.com/@iraklis/running-hashcat-
- https://github.com/porterhau5/BloodHound-Owned
- https://medium.com/@tomac/a-15-openwrt-based-diy-pen-test-dropbox-
- https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection
- http://webserver/payload.hta
- http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
- https://github.com/digininja/pipal
- https://www.digitalocean.com/products/compute
- https://wald0.com/?p=112
- https://github.com/sensepost/ruler
- https://www.hak5.org/gear/packet-squirrel/docs
- https://samy.pl/poisontap/
- http://www.rapid7.com/db/modules/post/windows/manage/priv_migrate
- https://nodejs.org/en/
- https://github.com/cyberspacekittens/Hob0Rules
- http://php.net/manual/en/wrappers.php.php
- https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
- http://contest-
- https://github.com/EmpireProject/Empire/blob/master/data/module_source/situational_awareness/network/powerview.ps1
- https://blog.websecurify.com/2014/08/hacking-nodejs-and-
- Bit.ly
- http://swupdate.openvpn.org/as/openvpn-as-
- mail.cyberspacekittens.com
- https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter
- www.owasp.org/index.php/Testing_for_NoSQL_injection
- https://www.youtube.com/watch?v=dQw4w9WgXcQ
- https://bneg.io/2017/07/26/empire-without-powershell-exe/
- https://gist.github.com/jgamblin/7d64a284e5291a444e12c16daebc81e0
- https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1
- https://github.com/cheetz/ceylogger/blob/master/skeleton
- http://chat:3000/hacked.txt
- https://github.com/PowerShell/PowerShell/releases/download/v6.0.2/powershell_6.0.2-
- https://github.com/trustedsec/ptf
- https://github.com/OJ/gobuster
- cnn.com
- https://gist.github.com/staaldraad/01415b990939494879b4
- https://github.com/pentestgeek/phishing-frenzy
- lab.com/list-of-bug-bounty-programs.php
- https://nmap.org/nsedoc/scripts/smb-security-mode.html
- http://beefproject.com/
- www.google.com
- http://ubr.to/2hIO2tZ
- cyberspacekittens.com
- https://helpdeskgeek.com/how-to/windows-join-domain/
- http://www.nvidia.com/object/tesla-servers.html
- https://www.hackerone.com
- https://aws.amazon.com/service-terms/
- www.msdn.microsoft.com
- https://raw.githubusercontent.com/cyberspacekittens/XSS/master/XSS2.png
- https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/smart_hashdump.rb
- socket.io
- https://ip-ranges.amazonaws.com/ip-ranges.json
- https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx
- https://stackoverflow.com/questions/3871729/transmitting-newline-character-n
- https://github.com/cyberspacekittens/bloodhound
- http://chat:3000/directmessage
- https://github.com/GreatSCT/GreatSCT
- https://github.com/DhavalKapil/icmptunnel
- https://portswigger.net/burp
- https://github.com/bbb31/slurp
- https://pugjs.org/language/interpolation.html
- https://expressjs.com/
- https://room362.com/post/2016/snagging-creds-from-locked-machines/
- https://www.forbes.com/sites/thomasbrewster/2015/12/17/facebook-
- https://github.com/ustayready/CredSniper
- CTFTime.org
- http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu55_55.1-
- https://github.com/cyberspacekittens/metasploit-payloads/tree/master/c/x64_defender_bypass
- http://g-
- https://hashcat.net/wiki/doku.php?id=example_hashes
- https://github.com/Kevin-
- http://thehackerplaybook.com/subscribe/
- https://wappalyzer.com/
- Hashes.org
- https://github.com/cyberspacekittens/metasploit-framework
- shell-storm.org
- http://thehackerplaybook.com/get.php?type=THP-vm
- http://chat:3000/accounts.txt
- https://dirtycow.ninja/
- https://artkond.com/2017/03/23/pivoting-guide/#vpn-over-ssh
- https://github.com/rapid7/metasploitable3
- https://blog.websecurify.com/2017/02/hacking-node-serialize.html
- https://www.esecurityplanet.com/network-security/almost-a-third-of-all-u.s.-businesses-
- https://github.com/porterhau5/BloodHound-
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms648774(v=vs.85).aspx
- https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241
- https://pugjs.org/
- https://openvpn.net/index.php/access-server/download-openvpn-
- https://en.wikipedia.org/wiki/Sony_Pictures_hack
- https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-
- https://github.com/cyberspacekittens/metasploit-payloads
- https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection
- http://thehackerplaybook.com/get.php?type=THP-password
- https://github.com/hak5/bashbunny-
- https://github.com/Plazmaz/Sublist3r
- 2010.korelogic.com/rules.html
- https://github.com/GreatSCT/GreatSCT.git
- https://github.com/EmpireProject/Empire/blob/master/data/module_source/trollsploit/Get-
- http://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-
- https://github.com/samratashok/nishang
- https://github.com/putterpanda/mimikittenz
- https://builtwith.com/
- http://test.cyberspacekittens.com
- https://github.com/harleyQu1nn/AggressorScripts
- https://github.com/secretsquirrel/the-backdoor-factory
- https://www.lockpickshop.com/SJ-50.html
- http://psbdmp.ws/
- https://thesprawl.org/projects/pack/
- http://www.sixdub.net/?p=555
- https://bashbunny.com/downloads
- https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-
- cyberspacekittens.s3.amazonaws.com
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
- https://github.com/danielbohannon/Invoke-CradleCrafter
- https://www.powershellempire.com/?page_id=273
- https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-
- http://flaws.cloud/
- https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a
- http://www.agarri.fr/docs/AppSecEU15-
- https://github.com/EmpireProject/Empire/blob/master/data/module_source/privesc/PowerUp.ps1
- https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d
- https://github.com/cheetz/jenkins-decrypt
- https://github.com/cyberspacekittens/SecLists
- https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
- http://chat:3000/nosql2
- SMBExec.ps
- https://github.com/luin/serialize
- http://192.168.10.2-254
- https://bugcrowd.com/programs
- https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/
- https://raw.githubusercontent.com/cheetz/dirtycow/master/THP-Lab
- https://gist.github.com/rain-
- https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection
- https://github.com/securestate/king-phisher
- https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/README.md
- https://amzn.to/2I6lSry
- https://github.com/s0lst1c3/eaphammer#iv–indirect-wireless-
- http://chat:3000/ti?user=*&comment=asdfasdf&link=
- https://github.com/cheetz/generateJenkinsExploit
- https://github.com/cheetz/generateJenkinsExploit
- https://github.com/iagox86/dnscat2
- lanturtle.com
- https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
- https://github.com/BloodHoundAD/BloodHound
- https://cloud.google.com/compute/docs/faq#ipranges
- https://github.com/cyberspacekittens/Probable-Wordlists/tree/master/Dictionary-Style
- meetup.com/lethal
- https://github.com/bluscreenofjeff/AggressorScripts
- http://chat:3000
- http://webserver/payload.b64
- https://github.com/iagox86/dnscat2.git
- https://github.com/s0lst1c3/eaphammer#iii–stealing-ad-credentials-using-hostile-portal-
- https://github.com/CoreSecurity/impacket.git
- https://blog.cptjesus.com/posts/introtocypher
- https://aws.amazon.com/s/dm/optimization/server-side-
- loca1host.com
- https://www.abatchy.com/2017/05/introduction-to-manual-
- https://github.com/eladshamir/Internal-Monologue
- http://10.100.100.9/malware.payload
- https://github.com/brannondorsey/PassGAN
- https://github.com/JordyZomer/autoSubTakeover
- github.com
- http://gnuwin32.sourceforge.net/packages/make.htm
- https://github.com/jamesbarlow/icmptunnel
- https://github.com/clong/DetectionLab
- https://www.cybereason.com/blog/dcom-lateral-movement-techniques
- Microsoft.NET
- http://chat:3000/
- http://www.adeptus-
- https://www.cyberscoop.com/dji-bug-bounty-drone-technology-sean-melia-
- https://sensepost.com/blog/2017/outlook-forms-and-shells/
- https://github.com/cheetz/brutescrape
- http://hashcat.net/wiki/doku.php?id=example_hashes
- https://github.com/bhdresh/CVE-2017-0199
- https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick
- https://github.com/cheetz/THP-ChatSupportSystem/blob/master/lab.txt
- http://pages.ebay.com/securitycenter/Researchers.html
- https://github.com/mzet-/linux-exploit-
- http://contest-2010.korelogic.com/rules-hashcat.html
- https://github.com/SpiderLabs/portia
- https://github.com/decoder-it/psgetsystem
- https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
- https://downloads.pwnedpasswords.com/passwords/pwned-passwords-
- testlab.s3.amazonaws.com
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20injection
- https://weakpass.com/wordlist
- https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/ms-office/subdoc-injector/subdoc_injector.py
- attacker.com
- git-scm.com
- http://code.gerade.org/hans/
- https://www.youtube.com/watch?v=Aatp5gCskvk
- https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/
- http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-
- meetup.com/LETHAL
- https://www.wifipineapple.com/pages/nano
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms644974(v=vs.85).aspx
- https://chrome.google.com/webstore/detail/retirejs/moibopkbhjceeedibkbkbchbjnkadmom
- http://www.jsfuck.com/
- https://github.com/IVMachiavelli/OSINT_Team_Links
- https://github.com/cheetz/THP-
- https://github.com/TheRook/subbrute
- https://github.com/cyberspacekittens/dnscat2
- https://github.com/curi0usJack/luckystrike
- https://www.npmjs.com/package/qs
- http://www.xss-payloads.com/payloads-list.html
- https://github.com/peewpw/Invoke-
- https://github.com/lgandx/Responder
- https://www.cobaltstrike.com/aggressor-script/index.html
- https://raw.githubusercontent.com/nidem/kerberoast/master/GetUserSPNs.ps1
- Exploit.In
- http://osintframework.com/
- https://lightsail.aws.amazon.com
- https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- http://insecure.org/search.html?q=privilege%20escalation
- https://www.hak5.org/episodes/hak5-1921-access-internal-networks-with-
- https://github.com/derv82/wifite2
- http://webserver/payload.sct
- https://github.com/samratashok/nishang/blob/master/Gather/Get-
- https://github.com/Varbaek/xsser
- https://github.com/Narcolapser/python-o365#email
- https://github.com/cheetz/ceylogger/tree/master/version1
- https://github.com/cheetz/ceylogger/tree/master/version2
- https://github.com/cheetz/ceylogger/tree/master/version3
- https://pugjs.org/language/code.html
- http://chat:3000/nosql
- https://xsshunter.com/app
- https://hackerone.com/reports/121461
- https://github.com/leostat/rtfm
- https://www.shodan.io
- https://www.cobaltstrike.com/help-smb-beacon
- https://www.cobaltstrike.com/help-smb-
- https://www.usenix.org/conference/usenixsecurity16/technical-
- https://github.com/mdsecactivebreach/CACTUSTORCH
- https://github.com/guelfoweb/knock/blob/4.1/knockpy/wordlist/wordlist.txt
- https://github.com/cyberspacekittens/ReflectiveDLLInjection/commit/33d1e515124966661a754b02a15c1469621637ae
- https://pugjs.org/language/code.html#unescaped-buffered-code
- https://github.com/kgretzky/evilginx
- https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library
- https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-
- https://github.com/trustedsec/unicorn
- https://hakshop.com/collections/usb-rubber-ducky
- testlab.s3.amazon.com
- https://www2.fireeye.com/rs/848-DID-
- https://github.com/nettitude/PoshC2
- https://github.com/Arno0x/EmbedInHTML
- https://github.com/sekirkity/BrowserGather
- https://haiderm.com/fully-undetectable-backdooring-pe-file/#Code_Caves
- https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/
- www.SecurePla.net
- https://porterhau5.com/blog/extending-bloodhound-track-and-visualize-
- Lightsail.aws.amazon.com
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx
- https://www.youtube.com/watch?v=b7qr0laM8kA
- https://github.com/huntergregal/mimipenguin
- https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1
- ns1.loca1host.com
- https://portswigger.net/bappstore/21df56baa03d499c8439018fe075d3d7
- https://github.com/fireeye/SessionGopher
- www.meetup.com/LETHAL
- https://github.com/cyberspacekittens/metasploit-payloads/commit/227832554737f7c3ffd675571fede449ac714137
- https://digi.ninja/files/bucket_finder_1.1.tar.bz2
- https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/
- https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-
- ns2.loca1host.com
- https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/
PDF References:
- https://www.owasp.org/images/1/19/OTGv4.pdf