Resources

A collection of links i’ve found useful. Tools/Guides/Websites.

Useful Tools

• GTFO Bins - Linux Binaries
• LOLBAS - GTFO Bins for Windows
• RevShells - Reverse Shell Generator
• PenTest.WS
• CyberChef Encoder/Decoder
• List of File Signatures
• Bash Scripting Cheatsheet
• Google Hacking Database - Useful google dorking
• XSS Cheatsheet- a series of XSS attacks that can be used to bypass certain XSS defensive filters
• Custom Word List generator - Web crawler.
• With TTPassGen we can create wordlists from scratch.
• NoSQL Injection - NoSQL payload allthethings

Useful Guides

• Hacktricks.xyz Pentesting Methodology
• Buffer Overflow Exploit Guide

Misc Tools

• FileSEC.io - latest file extensions being used by attackers
• LOTS Project - Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.
• Responder - Steal NTLM hashes. LLMNR NBT-NS, MDNS poisoner

Passwords/Hashes

• hashcat wiki - hash types and examples
• https://cirt.net/passwords - default passwords
• https://default-password.info/ - default passwords
• https://datarecovery.com/rd/default-passwords/ - default passwords
• Haiti - A ruby based hash identifier
• wordlistctl is a python script that fetches, installs, updates, and searches for wordlist archives from different websites with more than 6400 avalable.
• proper rules syntax.
• John the Ripper Rules - good collection of rules to add to /etc/john/john.conf
• Mentalist - Import a wordlist, add some Case, Substitution, Append/Prepend rules.

Privilege Escalation

• Hacktricks Windows Local Privilege Escalation Checklist
• Hacktricks Linux Privilege Escalation Checklist
• Payload All the THings
• Useful Linux PrivEsc Commands

Command Line

• SS64 - Command line refrences for all systems
• ExplainShell

SQL Tools

• SQLMap - Preinstalled on Kali. Automatic SQL injection and database takeover tool.

DNS Queries

• nslookup --type=CNAME website also --type=A, --type=MX, --type=TXT

HTTP Scanners

• joomscan - scans Joomla CMS’
• shodan - search for various types of servers connected to the internet using a variety of filters.
• theHarvester - a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources
• joomblah - SQL Injection for Joomla - it will dump the users and session tables
• nikto
• feroxbuster - a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web application, but are still accessible by an attacker.

Active Directory

• crackmapexec - Preinstalled on Kali - Post-exploitation tool that helps automate assessing security of large Active Directory networks and find misconfigurations.

Powershell

• Full list of operators
• Full List of Approved Verbs
• Learn Powershell in Y Minutes

OSINT

• ViewDNS.info - DNS History

SOC Stuff/Malware Analysis

• VirusTotal scan checksums of files to determine if maliciouis.
• Metadefender Cloud - OPSWAT
• https://dmarcian.com/ Check DMARC and SPF records
• The DFIR Report
• FireEye Threat Research Blogs
• AnyRun - Interactive Malware Hunting Service

Memory Analysis

• Volatilty Cheatsheet

Practice/Testing

• Testing XSS Skills

Evasion Techniques

• Fast Flux - How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement Takedowns

Tutorials/Process Explainations

• Hacking NodeJS and MongoDB

---