Links

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
https://scottlinux.com/2015/09/01/use-kali-linux-through-tor-with-whonix-gateway/ - kali via whonix
https://sourceforge.net/projects/networkminer/ -  extract pcap  - Network Forensic Analysis Tool
https://www.youtube.com/watch?v=spfrmsbhBaw https://github.com/Danladi/HttpPwnly - XSS shell
https://dustri.org/b/from-lfi-to-rce-in-php.html - From LFI to RCE in php
https://www.pelock.com/pl/artykuly/przeglad-narzedzi-do-reverse-engineeringu - overview of reverse engineering tools
http://pastebin.com/raw/0SNSvyjJ - writeup of the Hacking Team hack
http://netsec.ws/?p=278 - proxychains
https://github.com/Veil-Framework/Veil-Evasion - generating Metasploit payloads that evade AV
http://resources.infosecinstitute.com/practical-thick-client-application-penetration-testing-using-damn-vulnerable-thick-client-app-part-1/ - desktop application pentest

https://www.suse.com/communities/blog/stunnel-securing-insecure-ssl-and-creating-ssl-tunnels/ - stunnel configuration (for when something runs over SSL somewhere and I want to have it without SSL)
cat stunnel.conf
cert = /etc/stunnel/server.pem
key  = /etc/stunnel/server.key
client = yes

[VNC_to_HostB]
accept = 127.0.0.1:2009
connect = 1.2.3.4:2009

The SSL service from 1.2.3.4 will be available on 127.0.0.1


http://www.darknet.org.uk/2016/03/dirb-domain-brute-forcing-tool/ - dirb and a few alternatives
https://reverse.report/ - reverse dns
http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
http://blog.zsec.uk/ltr101-method-to-madness/
http://www.r00tsec.com/2012/11/howto-manual-pentest-windows-cheatsheet.html
http://null-byte.wonderhowto.com/how-to/create-obfuscate-virus-inside-microsoft-word-document-0167780/ 
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/

https://www.passivetotal.org/ - interesting info about subdomains, infections, etc.

https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/V.Kochetkov_breaking_ASP.NET.pdf - TO HACK AN ASP .NET WEBSITE? HARD, BUT POSSIBLE!

http://www.irongeek.com/homoglyph-attack-generator.php - phishing, unicode, IDN homograph


Wordlists:
https://github.com/berzerk0/Probable-Wordlists/tree/master/Real-Passwords - 2 billion passwords (24 GB from leaks)




https://github.com/maurosoria/dirsearch - dirsearch, nice :)

https://pen-testing.sans.org/blog/2013/05/06/netcat-without-e-no-problem - reverse shell with nc without -e :)

https://snyk.io/test  - Check for known vulnerabilities in public GitHub repos and npm packages

https://github.com/s-n-t/presentations/blob/master/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf

https://www.youtube.com/watch?v=H9vPdB2UX-U - Server-Side Template Injections, and Kacper's whole podcast is great
https://github.com/epinna/tplmap.git - tool for detecting the template engine
https://github.com/nixawk/pentest-wiki/blob/master/1.Information-Gathering/How-to-gather-dns-information.md
https://github.com/TheRook/subbrute - subdomain discovery
https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6

https://github.com/ashishb/android-security-awesome Android Security Awesome
https://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/  Linux Privilege Escalation via Automated Script


https://github.com/oddcod3/Phantom-Evasion
https://v0x.nl/articles/bypass-ssl-pinning-android/
https://sploitus.com/ - exploit search engine
https://github.com/hahwul/metasploit-autopwn


Finding hosts by SSL certificates
https://medium.com/@linasvaliukas/by-the-way-the-list-of-ssl-tls-certificates-issued-to-you-including-subdomains-is-public-5537ef1f11f5
https://censys.io/certificates?q=parsed.extensions.subject_alt_name.dns_names%3A+zammad*


Forwarding a port from behind NAT to the internet
https://localtunnel.github.io/www/
https://ngrok.com/


Windows Hacking AD
https://github.com/infosecn1nja/AD-Attack-Defense

https://0x00sec.org/t/tricks-of-the-trade-from-5-years-in-offensive-cyber-security/15794

Deepfakes:
https://mrdeepfakes.com/forums/ <- forum :)
https://faceswap.dev/page/download
https://github.com/aerophile/awesome-deepfakes
https://medium.com/@nicklaus_park/levelup-0x02-bug-bounter-hunter-methodology-v3-8f5b802af2ad


https://www.amanhardikar.com/mindmaps/Practice.html

https://github.com/mvelazc0/defcon27_csharp_workshop - building a stager