Hackery

Hacker Media

Blogs worth it

Carnal0wnage
McGrew Security
Blog | GNUCITIZEN
Darknet
spylogic.net
TaoSecurity
Room362.com
SIPVicious
PortSwigger.net
Blog - pentestmonkey.net
Jeremiah Grossman
omg.wtf.bbq.
Cатсн²² (in)sесuяitу
SkullSecurity
Metasploit
Security and Networking
Skeptikal.org
Digital Soapbox
tssci security
Blog - Gotham Digital Science
Reiners’ Weblog
Bernardo Damele A. G.
Laramies Corner
Attack and Defense Labs
Billy (BK) Rios
Common Exploits
extern blog SensePost;
Weapons of Mass Analysis
Exploit KB
Security Reliks
MadIrish.net
sirdarckcat
Reusable Security
Myne-us
www.notsosecure.com
SpiderLabs Anterior
Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
DigiNinja
Home Of PaulDotCom Security Podcast
Attack Vector
deviating.net
Alpha One Labs
SmashingPasswords.com
wirewatcher
gynvael.coldwind//vx.log
Nullthreat Security
Archangel Amael's BT Tutorials
memset's blog
ihasomgsecurityskills
punter-infosec
Security Ninja
Security and risk
GRM n00bs
Kioptrix
::eSploit::
PenTestIT — Your source for Information Security Related information!
Your source for Information Security related information!

Forums

BackTrack Forums
EliteHackers.info
InterN0T forum
Government Security
Hack This Site Forum
iExploit Hacking Forum
Security Override
bright-shadows.net
ethicalhacker.net
sla.ckers.org

Magazines

(IN)SECURE Magazine
http://hakin9.org/

Video

The Hacker News Network
Security Tube
Irongeek -Hacking Illustrated
SecCon Archive
27c3-stream/releases/mkv
YouTube - ChRiStIaAn008's Channel
YouTube - HackingCons's Channel

Methodologies

Penetration Testing Framework
The Penetration Testing Execution Standard
Web Application Security Consortium (WASC)
OWASP top 10
social-engineer.org

OSINT

Presentations

Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net
Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net
Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net
Tactical Information Gathering
document_metadata_the_silent_killer__32974 (application/pdf Object)
footprinting - passive information gathering before a pentest

People and Orginizational

spokeo.com - People Search
123people.com
Spoke.com - Business Directory
Business Network - Social Network for Business Professionals
ZoomInfo
Pipl - People Search
Free People Search by ZabaSearch!
Free People Finder and Company Search | SearchBug
Free People Search
Addictomatic: Inhale the Web
Real Time Search - Social Mention
EntityCube
yasni.com | No. 1 free people search - Find anyone on the web
Tweepz.com - search, find and discover interesting people on twitter
TweepSearch :: Twitter Profile and Bio Search
Glassdoor.com - Company Salaries and Reviews
Jigsaw Business Contact Directory
Full Text Search
TinEye Reverse Image Search
PeekYou
PicFog - Quick Image Search
Twapper Keeper - "We save tweets" - Archive Tweets
White Pages | Email Lookup | People Find Tools at The Ultimates

Infastructure

Netcraft Uptime Survey
SHODAN - Computer Search Engine
Domain Tools: Whois Lookup and Domain Suggestions
Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger
http://hackerfantastic.com/
WHOIS and Reverse IP Service
MSN IP Search
SSL Labs - Projects / Public SSL Server Database - SSL Server Test
MyIPNeighbors Reverse IP Lookup
Google Hacking Database, GHDB, Google Dorks
Domain - reports and all about ips, networks and dns
net toolkit::index
IHS |  GHDB

Exploits and Advisories

The Exploit Database
.:[ packet storm ]:.
SecurityFocus
SecurityForest
NIST
OSVDB: The Open Source Vulnerability Database
SecDocs IT Security and Hacking knowledge base
Nullbyte.Org.IL
CVE security vulnerability database
Secunia.com
CVE - Common Vulnerabilities and Exposures (CVE)

Cheat Sheets and Syntax

Big Port DB | Cirt
Cheat Sheet : All Cheat Sheets in one page
Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets
Information about developments at the Monastery

Agile Hacking

Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
Command Line Kung Fu
Simple yet effective: Directory Bruteforcing
The Grammar of WMIC
Windows Command-Line Kung Fu with WMIC
Windows CMD Commands
running a command on every mac
Syn: Command-Line Ninjitsu
WMIC, the other OTHER white meat.
Hacking Without Tools: Windows - RST
Pentesting Ninjitsu 1
Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
[PenTester Scripting]
windows-scripting-COM-tricks
Advanced-Command-Exploitation

OS & Scripts

IPv4 subnetting reference - Wikipedia, the free encyclopedia
All the Best Linux Cheat Sheets
SHELLdorado - Shell Tips & Tricks (Beginner)
Linux Survival :: Where learning Linux is easy
BashPitfalls - Greg's Wiki
Rubular: a Ruby regular expression editor and tester
http://www.iana.org/assignments/port-numbers
Useful commands for Windows administrators
All the Best Linux Cheat Sheets
Rubular: a Ruby regular expression editor

Tools

netcat cheat sheet (ed skoudis)
nessus/nmap (older)
hping3 cheatsheet
Nmap 5 (new)
MSF, Fgdump, Hping
Metasploit meterpreter cheat sheet reference
Netcat cheat sheet

Distros

BackTrack Linux
Matriux
nUbuntu
Samurai Web Testing Framework
OWASP Live CD Project
Pentoo
Katana
KON-BOOT
Welcome to Linux From Scratch!
SUMO Linux
pentesting packages for ubuntu
BackBox Linux | Flexible Penetration Testing Distribution

Labs

ISO's / VMs

Web Security Dojo
OWASP Broken Web applications Project
Pentest Live CDs
NETinVM
:: moth - Bonsai Information Security ::
Metasploit: Introducing Metasploitable
Holynix pen-test distribution
WackoPico
LAMPSecurity
Hacking-Lab.com LiveCD
Virtual Hacking Lab
Badstore.net
Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
Damn Vulnerable Web App - DVWA
pWnOS
The ButterFly - Security Project

Vulnerable Software

Old Version Downloads - OldApps.com
OldVersion.com
Web Application exploits, php exploits, asp exploits
wavsep - Web Application Vulnerability Scanner Evaluation Project
OWASP SiteGenerator - OWASP
Hacme Books | McAfee Free Tools
Hacme Casino v1.0 | McAfee Free Tools
Hacme Shipping | McAfee Free Tools
Hacme Travel | McAfee Free Tools

Test Sites

Test Site
CrackMeBank Investments
http://zero.webappsecurity.com
acublog news
acuforum forums
Home of Acunetix Art
Altoro Mutual
NT OBJECTives

Exploitation Intro

Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code
Myne-us: From 0x90 to 0x4c454554, a journey into exploitation.
Past, Present, Future of Windows Exploitation | Abysssec Security Research
Smash the Stack 2010
The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit
x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate
X86 Opcode and Instruction Reference
This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.

Reverse Engineering & Malware

TiGa's IDA Video Tutorial Site
Binary Auditing
http://visi.kenshoto.com/
radare
Offensive Computing | Community Malicious code research and analysis

Passwords and Hashes

Password Exploitation Class
Default Passwords Database
Sinbad Security Blog: MS SQL Server Password Recovery
Foofus Networking Services - Medusa::SMBNT
LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff
MD5 Crackers | Password Recovery | Wordlist Downloads
Password Storage Locations For Popular Windows Applications
Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator
Requested MD5 Hash queue
Virus.Org
Default Password List
Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR

Wordlists

"Crack Me If You Can" - DEFCON 2011
Packet Storm Word Lists
Passwords - SkullSecurity
Index of /passwd/passwords

Pass the Hash

pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
crack-pass-hash_33219 (application/pdf Object)

MitM

Introduction to dsniff - GIAC Certified Student Practical
dsniff-n-mirror.pdf (application/pdf Object)
dsniff.pdf (application/pdf Object)
A Hacker's Story: Let me tell you just how easily I can steal your personal data - Techvibes.com
ECCE101.pdf (application/pdf Object)
3.pdf (application/pdf Object)
Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
cracking-air.pdf (application/pdf Object)
bh-europe-03-valleri.pdf (application/pdf Object)
Costa.pdf (application/pdf Object)
defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
Live_Hacking.pdf (application/pdf Object)
PasstheParcel-MITMGuide.pdf (application/pdf Object)
2010JohnStrandKeynote.pdf (application/pdf Object)
18.Ettercap_Spoof.pdf (application/pdf Object)
EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
Fun With EtterCap Filters.pdf (application/pdf Object)
The_Magic_of_Ettercap.pdf (application/pdf Object)
arp_spoofing.pdf (application/pdf Object)
Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
ICTSecurity-2004-26.pdf (application/pdf Object)
ettercap_Nov_6_2005-1.pdf (application/pdf Object)
MadIrish.net Mallory is More than a Proxy
Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers

Tools

OSINT

Edge-Security - theHarvester- Information Gathering
DNSTRACER man-page
Maltego 3

Metadata

document-metadata-silent-killer_32974 (application/pdf Object)
[strike out]
ExifTool by Phil Harvey
Edge-Security - Metagoofil - Metadata analyzer - Information Gathering
Security and Networking - Blog - Metadata Enumeration with FOCA

Google Hacking

Midnight Research Labs - SEAT
Google Hacking Diggity Project « Stach & Liu
dorkScan.py

Web

BeEF
BlindElephant Web Application Fingerprinter
XSSer: automatic tool for pentesting XSS attacks against different applications
RIPS | Download RIPS software for free at SourceForge.net
http://www.divineinvasion.net/authforce/
Attack and Defense Labs - Tools
Browser_Exploitation_for_Fun&Profit
Using sqid (SQL Injection Digger) to look for SQL Injection
pinata-CSRF-tool
XSSer: automatic tool for pentesting XSS attacks against different applications
Clickjacker
unicode-fun.txt ≈ Packet Storm
WebService-Attacker

Attack Strings

fuzzdb - Project Hosting on Google Code
OWASP Fuzzing Code Database - OWASP

Shells

SourceForge.net: Yokoso!
AJAX/PHP Command Shell

Scanners

w3af - Web Application Attack and Audit Framework
skipfish - Project Hosting on Google Code
sqlmap: automatic SQL injection tool
SQID - SQL Injection digger
http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code
fm-fsf - Project Hosting on Google Code
Websecurify
News :: Arachni - Web Application Security Scanner Framework
rfiscan ≈ Packet Storm
lfi-rfi2 scanner ≈ Packet Storm
inspathx – Tool For Finding Path Disclosure Vulnerabilities
DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm

Proxies

Burp

fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)
Constricting the Web: The GDS Burp API - Gotham Digital Science
Browse Belch - Burp External Channel v1.0 Files on SourceForge.net
Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja
w3af in burp
Attack and Defense Labs - Tools
burp suite tutorial - English

SensePost - reDuh - HTTP Tunneling Proxy
OWASP WebScarab NG Project - OWASP
Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight
Fiddler Web Debugger - A free web debugging tool
Watcher: Web security testing tool and passive vulnerability scanner
X5S

koto/squid-imposter - GitHub
squid-imposter - Phishing attack w/HTML5 offline cache framework based on Squid proxy

Social Engineering

Social Engineering Toolkit

Password

Ncrack
Medusa
JTR
Ophcrack
keimpx in action | 0x3f
keimpx - Project Hosting on Google Code
hashkill

Metasploit

markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb
WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code
markremark: Metasploit Visual Basic Payloads in action
Metasploit Mailing List
PaulDotCom: Archives
OpenSSH-Script for meterpreter available !
Metasploit: Automating the Metasploit Console
561
Deploying Metasploit as a Payload on a Rooted Box Tutorial
Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks
SecTor 2010 - HD Moore - Beyond Exploits on Vimeo
XLSinjector « Milo2012's Security Blog
Armitage - Cyber Attack Management for Metasploit
Nsploit
neurosurgery-with-meterpreter
(automating msf) UAV-slides.pdf

MSF Exploits or Easy

Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security

NSE

Nmap Scripting Engine Primer Tutorial
NSEDoc Reference Portal

Net Scanners & Scripts

Nmap
sambascan2 - SMB scanner
SoftPerfect Network Scanner
OpenVAS
Nessus Community | Tenable Network Security
Nexpose Community | Rapid7
Retina Community

Post Exploitation

http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
Metacab | PHX2600

Netcat

Re: Your favorite Ncat/nc/Netcat trick? - ReadList.com
ads.pdf (application/pdf Object)
Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
netcat_cheat_sheet_v1.pdf (application/pdf Object)
socat
NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World
Netcat tricks « Jonathan’s Techno-tales
Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
Few Useful Netcat Tricks « Terminally Incoherent
Skoudis_pentestsecrets.pdf (application/pdf Object)
Cracked, inSecure and Generally Broken: Netcat
Ncat for Netcat Users

Source Inspection

Graudit - Just Another Hacker
javasnoop - Project Hosting on Google Code

Firefox Addons

David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
OSVDB :: Add-ons for Firefox
Packet Storm search plugin. :: Add-ons for Firefox
Default Passwords - CIRT.net :: Add-ons for Firefox
Offsec Exploit-db Search :: Add-ons for Firefox
OVAL repository search plugin :: Add-ons for Firefox
CVE ® dictionary search plugin :: Add-ons for Firefox
HackBar :: Add-ons for Firefox

Tool Listings

.:[ packet storm ]:. - tools
Penetration Testing and Vulnerability Analysis - Home
Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
CNIT 124: Advanced Ethical Hacking -- Sam Bowne
CS 279 - Advanced Topics in Security
CS142 Web Programming and Security - Stanford
CS155 Computer and Network Security - Stanford
CSE 227: Computer Security - UCSD
CS 161: Computer Security - UC Berkley
Security Talks - UCLA
CSCI 4971 Secure Software Principles - RPI
MCS 494 UNIX Security Holes
Software Security - CMU
T-110.6220 Special Topics in Ifocsec -TKK
Sec and Infosec Related - MIT

Metasploit

Metasploit Unleashed
Metasploit Class Videos  (Hacking Illustrated Series InfoSec Tutorial Videos)
Metasploit Megaprimer 300+ mins of video
Metasploit Tips and Tricks - Ryan Linn
OffSecOhioChapter, Metasploit Class2 - Part1
OffSecOhioChapter, Metasploit Class2 - Part2
OffSecOhioChapter, Metasploit Class2 - Part3

Programming

Python

Google's Python Class - Google's Python Class - Google Code
Python en:Table of Contents - Notes
TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python
Python Videos, Tutorials and Screencasts
Learning Python Programming Language Through Video Lectures - good coders code, great reuse

Ruby

Video Tutorials - Technology Demonstrations - tekniqal.com

Other/Misc

CS490 Windows Internals
T-110.6220 Lectures - Noppa - TKK
Index of /edu/training/ss/lecture/new-documents/Lectures
 InfoSec Resources
Robert Hansen on Vimeo

Web Vectors

SQLi

MSSQL Injection Cheat Sheet - pentestmonkey.net
SQL Injection Cheat Sheet
EvilSQL Cheatsheet
RSnake SQL Injection Cheatsheet
Mediaservice.net SQLi Cheatsheet
MySQL Injection Cheat Sheet
Full MSSQL Injection PWNage
MS Access SQL Injection Cheat Sheet » krazl - ™ ķЯαž£ ™ - bloggerholic
MS Access SQL Injection Cheat Sheet
Penetration Testing: Access SQL Injection
Testing for MS Access - OWASP
Security Override - Articles: The Complete Guide to SQL Injections
Obfuscated SQL Injection attacks
Exploiting hard filtered SQL Injections « Reiners’ Weblog
SQL Injection Attack
YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009
Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object)
Joseph McCray SQL Injection
sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion
sqli2.pdf (application/pdf Object)
SQL Server Version - SQLTeam.com
Overlooked SQL Injection 20071021.pdf (application/pdf Object)
SQLInjectionCommentary20071021.pdf (application/pdf Object)

uploadtricks

bypassing upload file type - Google Search
Skeptikal.org: Adobe Responds... Sort Of
Secure File Upload in PHP Web Applications | INSIC DESIGNS
Stupid htaccess Tricks • Perishable Press
Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r
Security FCKeditor ADS File Upload Vulnerability - Windows Only
Cross Site Scripting scanner – Free XSS Security Scanner
VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634)
Uploading Files Using the File Field Control
TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project
Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
Cross-site File Upload Attacks | GNUCITIZEN
TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
FileUploadSecurity - SH/SC Wiki

LFI/RFI

http://pastie.org/840199
Exploiting PHP File Inclusion – Overview « Reiners’ Weblog
LFI..Code Exec..Remote Root!
Local File Inclusion – Tricks of the Trade « Neohapsis Labs
Blog, When All You Can Do Is Read - DigiNinja

XSS

The Anatomy of Cross Site Scripting
Whitepapers - www.technicalinfo.net
Cross-Site Scripting (XSS) – no script required - Tales from the Crypto
Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training
BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
sirdarckcat: Our Favorite XSS Filters and how to Attack them
Filter Evasion – Houdini on the Wire « Security Aegis
HTML5 Security Cheatsheet
XSS - Cross Site Scripting
sla.ckers.org web application security forum :: XSS Info
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
What's Possible with XSS?

Coldfusion

ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
Attacking ColdFusion. | Sigurnost i zastita informacija
Attacking ColdFusion
HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub
254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com
Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console

SharePoint

The Ethical Hacker Network - Pen Testing Sharepoint

Lotus

Lotus Notes/Domino Security - David Robert's -castlebbs- Blog
Penetration Testing: Re: Lotus Notes
Hacking Lotus Domino | SecTechno

jboss

Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
Minded Security Blog: Good Bye Critical Jboss 0day

vmware web

Metasploit Penetration Testing Framework - Module Browser

Oracle appserver

hideaway [dot] net: Hacking Oracle Application Servers
Testing for Oracle - OWASP
OraScan
NGSSQuirreL for Oracle
hpoas.pdf (application/pdf Object)

SAP

Onapsis | Research Labs
'[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC
Phenoelit SAP exploits

Wireless

pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting

Capture the Flag/Wargames

http://intruded.net/
SmashTheStack Wargaming Network
flack & hkpco.kr
HC's Capture the Flag site
The UCSB iCTF
CTF Calendar

Conferences

Information Security Conferences Calnedar

misc/unsorted

http://www.ikkisoft.com/stuff/SMH_XSS.txt
XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog
What The Fuck Is My Information Security Strategy?
OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4
DeepSec 2007 - Aaron Portnoy Cody Pierce - RPC Auditing Tools and Techniques
extern blog SensePost;
Zen One: PCI Compliance - Disable SSLv2 and Weak Ciphers
HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost
Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com
black-box-scanners-dimva2010.pdf (application/pdf Object)
Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object)
Stupid htaccess Tricks • Perishable Press