hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
-1- 3 Ways Extract Password Hashes from NTDS.dit:
https://www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit
-2- 3 ways to Capture HTTP Password in Network PC:
https://www.hackingarticles.in/3-ways-to-capture-http-password-in-network-pc/
-3- 3 Ways to Crack Wifi using Pyrit,oclHashcat and Cowpatty:
www.hackingarticles.in/3-ways-crack-wifi-using-pyrit-oclhashcat-cowpatty/
-4-BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection:
https://medium.com/p/2e143eb36941
-5-BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality:
https://medium.com/p/a11bb5f863b3/share/twitter
-6-“Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company:
https://medium.com/p/a69afe5a0899
-7-BugBounty — “I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classi ed ads company:
https://medium.com/p/e51a945b083d
-8-BugBounty — “How I was able to shop for free!”- Payment Price Manipulation:
https://medium.com/p/b29355a8e68e
-9-Recon — my way:
https://medium.com/p/82b7e5f62e21
-10-Reconnaissance: a eulogy in three acts:
https://medium.com/p/7840824b9ef2
-11-Red-Teaming-Toolkit:
https://github.com/infosecn1nja/Red-Teaming-Toolkit
-12-Red Team Tips:
-13-Shellcode: A reverse shell for Linux in C with support for TLS/SSL:
https://modexp.wordpress.com/2019/04/24/glibc-shellcode/
-14-Shellcode: Encrypting traffic:
https://modexp.wordpress.com/2018/08/17/shellcode-encrypting-traffic/
-15-Penetration Testing of an FTP Server:
https://medium.com/p/19afe538be4b
-16-Reverse Engineering of the Anubis Malware — Part 1:
https://medium.com/p/741e12f5a6bd
-17-Privilege Escalation on Linux with Live examples:
https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/
-18-Pentesting Cheatsheets:
https://ired.team/offensive-security-experiments/offensive-security-cheetsheets
-19-Powershell Payload Delivery via DNS using Invoke-PowerCloud:
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
-20-SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES – LIST OF 4500+ GOOGLE DORKS:
https://sguru.org/ghdb-download-list-4500-google-dorks-free/
-21-SQL Injection Cheat Sheet:
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
-22-SQLmap’s os-shell + Backdooring website with Weevely:
https://medium.com/p/8cb6dcf17fa4
-23-SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:
https://medium.com/p/c5a3f5764cb3
-24-Top 10 Essential NMAP Scripts for Web App Hacking:
https://medium.com/p/c7829ff5ab7
-25-BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!:
https://medium.com/p/52cf5c5640a1
-26-Re ected XSS Bypass Filter:
https://medium.com/p/de41d35239a3
-27-XSS Payloads, getting past alert(1):
https://medium.com/p/217ab6c6ead7
-28-XS-Searching Google’s bug tracker to find out vulnerable source code Or how side-channel timing attacks aren’t that impractical:
https://medium.com/p/50d8135b7549
-29-Web Application Firewall (WAF) Evasion Techniques:
https://medium.com/@themiddleblue/web-application-firewall-waf-evasion-techniques
-30-OSINT Resources for 2019:
https://medium.com/p/b15d55187c3f
-31-The OSINT Toolkit:
https://medium.com/p/3b9233d1cdf9
-32-OSINT : Chasing Malware + C&C Servers:
https://medium.com/p/3c893dc1e8cb
-33-OSINT tool for visualizing relationships between domains, IPs and email addresses:
https://medium.com/p/94377aa1f20a
-34-From OSINT to Internal – Gaining Access from outside the perimeter:
https://www.n00py.io/.../from-osint-to-internal-gaining-access-from-the-outside-the-perimeter
-35-Week in OSINT #2018–35:
https://medium.com/p/b2ab1765157b
-36-Week in OSINT #2019–14:
https://medium.com/p/df83f5b334b4
-37-Instagram OSINT | What A Nice Picture:
https://medium.com/p/8f4c7edfbcc6
-38-awesome-osint:
https://github.com/jivoi/awesome-osint
-39-OSINT_Team_Links:
https://github.com/IVMachiavelli/OSINT_Team_Links
-40-Open-Source Intelligence (OSINT) Reconnaissance:
https://medium.com/p/75edd7f7dada
-41-Hacking Cryptocurrency Miners with OSINT Techniques:
https://medium.com/p/677bbb3e0157
-42-A penetration tester’s guide to sub- domain enumeration:
-43-Packages that actively seeks vulnerable exploits in the wild. More of an umbrella group for similar packages:
https://blackarch.org/recon.html
-44-What tools I use for my recon during BugBounty:
https://medium.com/p/ec25f7f12e6d
-45-Command and Control – DNS:
https://pentestlab.blog/2017/09/06/command-and-control-dns/
-46-Command and Control – WebDAV:
https://pentestlab.blog/2017/09/12/command-and-control-webdav/
-47-Command and Control – Twitter:
https://pentestlab.blog/2017/09/26/command-and-control-twitter/
-48-Command and Control – Kernel:
https://pentestlab.blog/2017/10/02/command-and-control-kernel/
-49-Source code disclosure via exposed .git folder:
https://pentester.land/tutorials/.../source-code-disclosure-via-exposed-git-folder.html
-50-Pentesting Cheatsheet:
https://hausec.com/pentesting-cheatsheet/
-51-Windows Userland Persistence Fundamentals:
https://www.fuzzysecurity.com/tutorials/19.html
-52-A technique that a lot of SQL injection beginners don’t know | Atmanand Nagpure write-up:
https://medium.com/p/abdc7c269dd5
-53-awesome-bug-bounty:
https://github.com/djadmin/awesome-bug-bounty
-54-dostoevsky-pentest-notes:
https://github.com/dostoevskylabs/dostoevsky-pentest-notes
-55-awesome-pentest:
https://github.com/enaqx/awesome-pentest
-56-awesome-windows-exploitation:
https://github.com/enddo/awesome-windows-exploitation
-57-awesome-exploit-development:
https://github.com/FabioBaroni/awesome-exploit-development
-58-BurpSuit + SqlMap = One Love:
https://medium.com/p/64451eb7b1e8
-59-Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat:
https://medium.com/p/a5a5d3ffea46
-60-DLL Injection:
https://pentestlab.blog/2017/04/04/dll-injection
-61-DLL Hijacking:
https://pentestlab.blog/2017/03/27/dll-hijacking
-62-My Recon Process — DNS Enumeration:
https://medium.com/p/d0e288f81a8a
-63-Google Dorks for nding Emails, Admin users etc:
https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc
-64-Google Dorks List 2018:
https://medium.com/p/fb70d0cbc94
-65-Hack your own NMAP with a BASH one-liner:
https://medium.com/p/758352f9aece
-66-UNIX / LINUX CHEAT SHEET:
cheatsheetworld.com/programming/unix-linux-cheat-sheet/
-67-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:
https://medium.com/p/74d2bec02099
-68- information gathering:
https://pentestlab.blog/category/information-gathering/
-69-post exploitation:
https://pentestlab.blog/category/post-exploitation/
-70-privilege escalation:
https://pentestlab.blog/category/privilege-escalation/
-71-red team:
https://pentestlab.blog/category/red-team/
-72-The Ultimate Penetration Testing Command Cheat Sheet for Linux:
https://www.hackingloops.com/command-cheat-sheet-for-linux/
-73-Web Application Penetration Testing Cheat Sheet:
https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/
-74-Windows Kernel Exploits:
https://pentestlab.blog/2017/04/24/windows-kernel-exploits
-75-Windows oneliners to download remote payload and execute arbitrary code:
-76-Windows-Post-Exploitation:
https://github.com/emilyanncr/Windows-Post-Exploitation
-77-Windows Post Exploitation Shells and File Transfer with Netcat for Windows:
https://medium.com/p/a2ddc3557403
-78-Windows Privilege Escalation Fundamentals:
https://www.fuzzysecurity.com/tutorials/16.html
-79-Windows Privilege Escalation Guide:
www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
-80-Windows Active Directory Post Exploitation Cheatsheet:
https://medium.com/p/48c2bd70388
-81-Windows Exploitation Tricks: Abusing the User-Mode Debugger:
https://googleprojectzero.blogspot.com/2019/04/windows-exploitation-tricks-abusing.html
-82-VNC Penetration Testing (Port 5901):
http://www.hackingarticles.in/vnc-penetration-testing
-83- Big List Of Google Dorks Hacking:
https://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking
-84-List of google dorks for sql injection:
https://deadlyhacker.wordpress.com/2013/05/09/list-of-google-dorks-for-sql-injection/
-85-Download Google Dorks List 2019:
https://medium.com/p/323c8067502c
-86-Comprehensive Guide to Sqlmap (Target Options):
http://www.hackingarticles.in/comprehensive-guide-to-sqlmap-target-options15249-2
-87-EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE:
www.cybersyndicates.com/.../email-reconnaissance-phishing-template-generation-made-simple
-88-Comprehensive Guide on Gobuster Tool:
https://www.hackingarticles.in/comprehensive-guide-on-gobuster-tool/
-89-My Top 5 Web Hacking Tools:
https://medium.com/p/e15b3c1f21e8
-90-[technical] Pen-testing resources:
https://medium.com/p/cd01de9036ad
-91-File System Access on Webserver using Sqlmap:
http://www.hackingarticles.in/file-system-access-on-webserver-using-sqlmap
-92-kali-linux-cheatsheet:
https://github.com/NoorQureshi/kali-linux-cheatsheet
-93-Pentesting Cheatsheet:
https://anhtai.me/pentesting-cheatsheet/
-94-Command Injection Exploitation through Sqlmap in DVWA (OS-cmd):
http://www.hackingarticles.in/command-injection-exploitation-through-sqlmap-in-dvwa
-95-XSS Payload List - Cross Site Scripting Vulnerability Payload List:
https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html
-96-Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection:
https://www.notsosecure.com/analyzing-cve-2018-6376/
-97-Exploiting Sql Injection with Nmap and Sqlmap:
http://www.hackingarticles.in/exploiting-sql-injection-nmap-sqlmap
-98-awesome-malware-analysis:
https://github.com/rshipp/awesome-malware-analysis
-99-Anatomy of UAC Attacks:
https://www.fuzzysecurity.com/tutorials/27.html
-100-awesome-cyber-skills:
https://github.com/joe-shenouda/awesome-cyber-skills
-101-5 ways to Banner Grabbing:
http://www.hackingarticles.in/5-ways-banner-grabbing
-102-6 Ways to Hack PostgresSQL Login:
http://www.hackingarticles.in/6-ways-to-hack-postgressql-login
-103-6 Ways to Hack SSH Login Password:
http://www.hackingarticles.in/6-ways-to-hack-ssh-login-password
-104-10 Free Ways to Find Someone’s Email Address:
https://medium.com/p/e6f37f5fe10a
-105-USING A SCF FILE TO GATHER HASHES:
https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes
-106-Hack Remote Windows PC using DLL Files (SMB Delivery Exploit):
http://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit
107-Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities:
-108-BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs):
https://medium.com/p/ef6542301c65
-109-How To Perform External Black-box Penetration Testing in Organization with “ZERO” Information:
https://gbhackers.com/external-black-box-penetration-testing
-110-A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals:
https://gbhackers.com/hacking-tools-list
-111-Most Important Considerations with Malware Analysis Cheats And Tools list:
https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list
-112-Awesome-Hacking:
https://github.com/Hack-with-Github/Awesome-Hacking
-113-awesome-threat-intelligence:
https://github.com/hslatman/awesome-threat-intelligence
-114-awesome-yara:
https://github.com/InQuest/awesome-yara
-115-Red-Team-Infrastructure-Wiki:
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
-116-awesome-pentest:
https://github.com/enaqx/awesome-pentest
-117-awesome-cyber-skills:
https://github.com/joe-shenouda/awesome-cyber-skills
-118-pentest-wiki:
https://github.com/nixawk/pentest-wiki
-119-awesome-web-security:
https://github.com/qazbnm456/awesome-web-security
-120-Infosec_Reference:
https://github.com/rmusser01/Infosec_Reference
-121-awesome-iocs:
https://github.com/sroberts/awesome-iocs
-122-blackhat-arsenal-tools:
https://github.com/toolswatch/blackhat-arsenal-tools
-123-awesome-social-engineering:
https://github.com/v2-dev/awesome-social-engineering
-124-Penetration Testing Framework 0.59:
www.vulnerabilityassessment.co.uk/Penetration%20Test.html
-125-Penetration Testing Tools Cheat Sheet :
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
-126-SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool:
-127-Spear Phishing 101:
https://blog.inspired-sec.com/archive/2017/05/07/Phishing.html
-128-100 ways to discover (part 1):
https://sylarsec.com/2019/01/11/100-ways-to-discover-part-1/
-129-Comprehensive Guide to SSH Tunnelling:
http://www.hackingarticles.in/comprehensive-guide-to-ssh-tunnelling/
-130-Capture VNC Session of Remote PC using SetToolkit:
http://www.hackingarticles.in/capture-vnc-session-remote-pc-using-settoolkit/
-131-Hack Remote PC using PSEXEC Injection in SET Toolkit:
http://www.hackingarticles.in/hack-remote-pc-using-psexec-injection-set-toolkit/
-132-Denial of Service Attack on Network PC using SET Toolkit:
http://www.hackingarticles.in/denial-of-service-attack-on-network-pc-using-set-toolkit/
-133-Hack Gmail and Facebook of Remote PC using DNS Spoofing and SET Toolkit:
-134-Hack Any Android Phone with DroidJack (Beginner’s Guide):
http://www.hackingarticles.in/hack-android-phone-droidjack-beginners-guide/
-135-HTTP RAT Tutorial for Beginners:
http://www.hackingarticles.in/http-rat-tutorial-beginners/
-136-5 ways to Create Permanent Backdoor in Remote PC:
http://www.hackingarticles.in/5-ways-create-permanent-backdoor-remote-pc/
-137-How to Enable and Monitor Firewall Log in Windows PC:
http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/