Shells (Linux, Windows, MSFVenom)

Shells - Linux
Shells - Windows
MSFVenom - CheatSheet

Auto-generated shells

https://github.com/ShutdownRepo/shellerator
https://github.com/0x00-0x00/ShellPop
https://github.com/cybervaca/ShellReverse
https://liftoff.github.io/pyminifier/
https://github.com/xct/xc/
https://weibell.github.io/reverse-shell-generator/
https://github.com/t0thkr1s/revshellgen
https://github.com/mthbernardes/rsg